R3303-HP HSR6800 Routers Security Configuration Guide
114
Ste
p
Command
Remarks
2. Specify an authentication
domain for MAC
authentication users in
system view or interface
view.
• In system view:
mac-authentication domain
domain-name
• In interface view:
a. interface interface-type
interface-number
b. mac-authentication domain
domain-name
By default, the system default
authentication domain is used for
MAC authentication users.
Displaying and maintaining MAC authentication
Task Command
Remarks
Display MAC authentication
information.
display mac-authentication [ interface
interface-list ] [ | { begin | exclude |
include } regular-expression ]
Available in any view.
Clear MAC authentication
statistics.
reset mac-authentication statistics
[ interface interface-list ]
Available in user view.
MAC authentication configuration examples
Local MAC authentication configuration example
Network requirements
In the network in Figure 41, perform local MAC authentication on port GigabitEthernet 3/0/1 to control
Internet access.
• All users belong to domain aabbcc.net.
• Local users use their MAC addresses as the usernames and passwords for MAC authentication. The
MAC addresses are hyphen separated and in lower case.
• The router detects whether a user has gone offline every 180 seconds. When a user fails
authentication, the router does not authenticate the user within 180 seconds.
Figure 41 Network diagram
Configuration procedure
# Add a local user account, set both the username and password to 00-e0-fc-12-34-56, the MAC address
of the user host, and enable LAN access service for the account.
<Router> system-view