H3C Technologies H3C S3100 Series Switches User Manual
Page 352
Operation Manual – Centralized MAC Address Authentication
H3C S3100-52P Ethernet Switch
Chapter 1 Centralized MAC Address
Authentication Configuration
1-6
1.4 Centralized MAC Address Authentication Configuration
Example
Note:
Centralized MAC address authentication configuration is similar to that of 802.1x. In
this example, the differences between the two lie in:
z
Centralized MAC address authentication needs to be enabled both globally and for
a port.
z
In MAC address mode, MAC address of locally authenticated user is used as both
user name and password.
z
In MAC address mode, MAC address of user authenticated by RADIUS server need
to be configured as both user name and password on the RADIUS server.
The following section describes how to enable centralized MAC address authentication
globally and for a port, and how to configure a local user. For other related configuration,
refer to the configuration examples in “802.1x” Configuration.
# Enable centralized MAC address authentication for Ethernet 1/0/2 port.
[H3C] mac-authentication interface Ethernet 1/0/2
# Configure centralized MAC address authentication mode as MAC address mode, and
use hyphened MAC addresses as the user names and passwords for authentication.
[H3C] mac-authentication authmode usernameasmacaddress userformat
with-hyphen
# Add a local user.
z
Configure the user name and password.
[H3C] local-user 00-e0-fc-01-01-01
[H3C-luser-00-e0-fc-01-01-01] password simple 00-e0-fc-01-01-01
z
Set service type of the local user to lan-access.
[H3C-luser-00-e0-fc-01-01-01] service-type lan-access
# Enable centralized MAC address authentication globally.
[H3C-luser-00-e0-fc-01-01-01] quit
[H3C] mac-authentication
# Configure the domain name for centralized MAC address authentication users as
aabbcc163.net.
[H3C] mac-authentication domain aabbcc163.net
For domain-related configuration, refer to the “802.1x” Configuration Example part of
this manual.