R0106-HP MSR Router Series Security Configuration Guide(V7)
105
Ste
p
Command
Remarks
3. Enable the keep-online feature
for authenticated MAC
authentication users on the port.
mac-authentication re-authenticate
server-unreachable keep-online
By default, the keep-online
feature is disabled.
This command takes effect only
when the authentication server
assigns reauthentication
attributes to the device.
Displaying and maintaining MAC authentication
Execute display commands in any view and reset commands in user view.
Task Command
Display MAC authentication information.
display mac-authentication [ interface interface-type
interface-number ]
Display MAC authentication connections
(MSR2000/MSR3000).
display mac-authentication connection [ interface
interface-type interface-number | user-mac mac-addr |
user-name user-name ]
Display MAC authentication connections
(MSR4000).
display mac-authentication connection [ interface
interface-type interface-number | slot slot-number |
user-mac mac-addr | user-name user-name ]
Clear MAC authentication statistics.
reset mac-authentication statistics [ interface interface-type
interface-number ]
MAC authentication configuration examples
Local MAC authentication configuration example
Network requirements
As shown in Figure 36, configure local MAC authentication on port GigabitEthernet 2/1/1 to control
Internet access, as follows:
• Configure the device to detect whether a user has gone offline every 180 seconds. If a user fails
MAC authentication, deny the user for 180 seconds.
• Configure all users to belong to the ISP domain bbb, and specify local authentication for users in the
domain.
• Use the MAC address of each user as the username and password for authentication. A MAC
address is in the hexadecimal notation with hyphens, and letters are in lower case.