R2511-HP MSR Router Series Security Configuration Guide(V5)

ManualsBrandsHP ManualsNetwork HardwareHP MSR1003-8 AC Router

131

132

133

134

135

136

137

138

139

140

121

Verifying the configuration

# Display MAC authentication settings and statistics.

<Device> display mac-authentication

MAC address authentication is enabled.

User name format is MAC address in lowercase, like xx-xx-xx-xx-xx-xx

Fixed username:mac

Fixed password:not configured

Offline detect period is 180s

Quiet period is 180s.

Server response timeout value is 100s

The max allowed user number is 1024 per slot

Current user number amounts to 1

Current domain is aabbcc.net

Silent Mac User info:

MAC Addr From Port Port Index

Gigabitethernet1/1 is link-up

MAC address authentication is enabled

Authenticate success: 1, failed: 0

Max number of on-line users is 256

Current online user number is 1

MAC Addr Authenticate state Auth Index

00e0-fc12-3456 MAC_AUTHENTICATOR_SUCCESS 29

# After the user passes authentication, use the display connection command to display the online user

information.

<Device> display connection

Index=29 ,Username=00-e0-fc-12-34-56@aabbcc.net

MAC=00-E0-FC-12-34-56

IP=N/A

IPv6=N/A

Total 1 connection(s) matched.

RADIUS-based MAC authentication configuration example

Network requirements

As shown in Figure 46, a host connects to port GigabitEthernet 1/1 on the access device. The device

uses RADIUS servers for authentication, authorization, and accounting.

Perform MAC authentication on port GigabitEthernet 1/1 to control Internet access. Make sure:

• The device detects whether a user has gone offline every 180 seconds. If a user fails authentication,

the device does not authenticate the user within 180 seconds.

• All MAC authentication users belong to ISP domain 2000 and share the user account aaa with

password 123456.