Local mac authentication configuration example, Network requirements, Configuring a local user – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

288

Item Description

Enable MAC VLAN

Select the check box to enable MAC-based VLAN on the port.

NOTE:

You can enable MAC authentication only on hybrid ports.

Auth-Fail VLAN

Specify a VLAN as the Auth-Fail VLAN.

IMPORTANT:

•

The Auth-Fail VLAN function has higher priority than the quiet function of
MAC authentication. A user can access any resources.

•

The MAC authentication Auth-Fail VLAN function has higher priority than
the block MAC action but lower priority than the shut down port action of

the port intrusion protection feature. For more information about port

intrusion protection, see the chapter

"Port security

."

Local MAC authentication configuration example

Network requirements

As shown in

Figure 262

, perform local MAC authentication on port GigabitEthernet 2/01 to control

Internet access. Ensure the following:

•

All users belong to the domain aabbcc.net.

•

Local users use their MAC addresses as the username and password for MAC authentication. The
MAC addresses are hyphenated and in lower case.

•

The access device detects whether a user has gone offline every 180 seconds. When a user fails
authentication, the device does not authenticate the user within 180 seconds.

Figure 262 Network diagram

Configuring a local user

Add a local user, setting the username and password as 00-e0-fc-12-34-56, the MAC address of the user,

and the service type to LAN access. (Details not shown)

Creating an ISP domain

1.

From the navigation tree, select Authentication > AAA.
The Domain Setup page appears.

2.

Type aabbcc.net as the domain name, and click Apply.