H3C LS-3100-52P-OVS-H3 Operation Manual - page 1383
1-4
z
You can configure MAC authentication for ports first. However, the configuration takes effect only
after you enable MAC authentication globally.
z
Enabling MAC authentication on a port is mutually exclusive with adding the port to an aggregation
group and adding the port to a service loopback group.
z
For details about the default ISP domain, refer to AAA Configuration in the Security Volume.
Displaying and Maintaining MAC Authentication
To do…
Use the command…
Remarks
Display the global MAC
authentication information or the
MAC authentication information
about specified ports
display mac-authentication
[ interface interface-list ]
Available in any view
Clear the MAC authentication
statistics
reset mac-authentication
statistics [ interface interface-list ]
Available in user view
MAC Authentication Configuration Examples
Local MAC Authentication Configuration Example
Network requirements
As illustrated in
Figure 1-1
, a supplicant is connected to the device through port GigabitEthernet 1/0/1.
z
Local MAC authentication is required on every port to control user access to the Internet.
z
All users belong to domain aabbcc.net.
z
Local users use their MAC addresses as the usernames and passwords for authentication.
z
Set the offline detect timer to 180 seconds and the quiet timer to 3 minutes.
Figure 1-1 Network diagram for local MAC authentication
Configuration procedure
1) Configure MAC authentication on the device
# Add a local user, setting the username and password as 00-e0-fc-12-34-56, the MAC address of the
user.
[Device] local-user 00-e0-fc-12-34-56
[Device-luser-00-e0-fc-12-34-56] password simple 00-e0-fc-12-34-56
[Device-luser-00-e0-fc-12-34-56] service-type lan-access