Verifying the configuration, Network requirements – H3C Technologies H3C S6300 Series Switches User Manual
Page 101
86
[Device] mac-authentication timer quiet 180
# Configure MAC authentication to use MAC-based accounts. The MAC address usernames and
passwords are hyphenated and in lower case.
[Device] mac-authentication user-name-format mac-address with-hyphen lowercase
# Enable MAC authentication globally.
[Device] mac-authentication
Verifying the configuration
# Display MAC authentication settings and statistics.
[Device] display mac-authentication
MAC authentication is enabled
User name format is MAC address in lowercase, like xx-xx-xx-xx-xx-xx
Fixed username: mac
Fixed password: Not configured
Offline detect period is 180s
Quiet period is 180s
Server response timeout value is 100s
Max number of users is 2048 per slot
Current number of online users is 1
Current authentication domain is bbb
Silent MAC user info:
MAC Addr VLAN ID From Port Port Index
00e0-fc11-1111 8 Ten-GigabitEthernet1/0/1 1
Ten-GigabitEthernet1/0/1 is link-up
MAC authentication is enabled
Max number of online users is 2048
Current number of online users is 1
Current authentication domain: Not configured
MAC auth-delay is disabled
Authentication attempts: successful 1, failed 0
MAC Addr Auth state
00e0-fc12-3456 authenticated
The output shows that Host A has passed MAC authentication and gets online. Host B failed MAC
authentication and its MAC address is marked as a silent MAC address.
RADIUS-based MAC authentication configuration example
Network requirements
As shown in
, a host is connected to port Ten-GigabitEthernet 1/0/1 of the device. The device
uses RADIUS servers for authentication, authorization, and accounting.
To control user access to the Internet, configure MAC authentication on port Ten-GigabitEthernet 1/0/1,
as follows:
•
Configure the device to detect whether a user has gone offline every 180 seconds, and if a user fails
authentication, deny the user for 180 seconds.