R3303-HP HSR6800 Routers Security Configuration Guide
115
[Router] local-user 00-e0-fc-12-34-56
[Router-luser-00-e0-fc-12-34-56] password simple 00-e0-fc-12-34-56
[Router-luser-00-e0-fc-12-34-56] service-type lan-access
[Router-luser-00-e0-fc-12-34-56] quit
# Configure ISP domain aabbcc.net to perform local authentication for LAN access users.
[Router] domain aabbcc.net
[Router-isp-aabbcc.net] authentication lan-access local
[Router-isp-aabbcc.net] quit
# Enable MAC authentication globally.
[Router] mac-authentication
# Enable MAC authentication on port GigabitEthernet 3/0/1.
[Router] mac-authentication interface gigabitethernet 3/0/1
# Specify the ISP domain for MAC authentication.
[Router] mac-authentication domain aabbcc.net
# Set the MAC authentication timers.
[Router] mac-authentication timer offline-detect 180
[Router] mac-authentication timer quiet 180
# Configure MAC authentication to use MAC-based accounts. The MAC address usernames and
passwords are hyphenated and in lowercase.
[Router] mac-authentication user-name-format mac-address with-hyphen lowercase
Verifying the configuration
# Display MAC authentication settings and statistics.
<Router> display mac-authentication
MAC address authentication is enabled.
User name format is MAC address in lowercase, like xx-xx-xx-xx-xx-xx
Fixed username:mac
Fixed password:not configured
Offline detect period is 180s
Quiet period is 180s.
Server response timeout value is 100s
The max allowed user number is 2048 per slot
Current user number amounts to 1
Current domain is aabbcc.net
Silent Mac User info:
MAC Addr From Port Port Index
Gigabitethernet3/0/1 is link-up
MAC address authentication is enabled
Authenticate success: 1, failed: 0
Max number of on-line users is 1024
Current online user number is 1
MAC Addr Authenticate state Auth Index
00e0-fc12-3456 MAC_AUTHENTICATOR_SUCCESS 52
# After the user passes authentication, use the display connection command to display the online user
information.
<Router> display connection