beautypg.com

Mac authentication configuration example – H3C Technologies H3C WX3000 Series Unified Switches User Manual

Page 290

background image

29-7

To do…

Use the command…

Remarks

Clear the statistics of global or
on-port MAC authentication

reset mac-authentication statistics
[ interface interface-type
interface-number

]

Available in user view

MAC Authentication Configuration Example

Network requirements

As illustrated in

Figure 29-1

, a supplicant is connected to Switch through port GigabitEthernet 1/0/2.

z

MAC authentication is required on port GigabitEthernet 1/0/2 to control user access to the Internet.

z

All users belong to domain aabbcc.net. The authentication is performed locally and the MAC
address of the PC (00-0d-88-f6-44-c1) is used as both the username and password.

Figure 29-1

Network diagram for MAC authentication configuration

IP network

PC

MAC: 00-0d-88-f6-44-c1

Switch

GE 1/0/2

Configuration Procedure

# Enable MAC authentication on port GigabitEthernet 1/0/2.

system-view

[device] mac-authentication interface GigabitEthernet 1/0/2

# Specify to use the user MAC address as both the username and password for MAC authentication,
and specify the MAC address format as hyphened lowercase MAC address.

[device] mac-authentication authmode usernameasmacaddress usernameformat with-hyphen

lowercase

# Add a local user.

z

Specify the username and password.

[device] local-user 00-0d-88-f6-44-c1

[device-luser-00-0d-88-f6-44-c1] password simple 00-0d-88-f6-44-c1

z

Set the service type to “lan-access”.

[device-luser-00-0d-88-f6-44-c1] service-type lan-access

[device-luser-00-0d-88-f6-44-c1] quit

# Add an ISP domain named aabbcc.net.

[device] domain aabbcc.net

New Domain added.

# Specify to perform local authentication.

[device-isp-aabbcc.net] scheme local

[device-isp-aabbcc.net] quit

# Specify aabbcc.net as the ISP domain for MAC authentication

[device] mac-authentication domain aabbcc.net

# Enable MAC authentication globally (This is usually the last step in configuring access control related
features. Otherwise, a user may be denied of access to the networks because of incomplete
configuaration.)

See also other documents in the category H3C Technologies Routers: