R0106-HP MSR Router Series Security Configuration Guide(V7)
107
Offline detect period : 180 s
Quiet period : 180 s
Server timeout : 100 s
Authentication domain : bbb
Max MAC-auth users : 1024 per slot
Online MAC-auth users : 1
Silent MAC users:
MAC address VLAN ID From port Port index
00e0-fc11-1111 8 GigabitEthernet2/1/1 1
GigabitEthernet2/1/1 is link-up
MAC authentication : Enabled
Authentication domain : Not configured
Auth-delay timer : Disabled
Re-auth server-unreachable : Logoff
Max online users : 256
Authentication attempts : successful 1, failed 0
Current online users : 1
MAC address Auth state
00e0-fc12-3456 Authenticated
The output shows that Host A has passed MAC authentication and come online. Host B failed MAC
authentication and its MAC address is marked as a silent MAC address.
RADIUS-based MAC authentication configuration example
Network requirements
As shown in Figure 37, a host is connected to port GigabitEthernet 2/1/1 of the device. The device uses
RADIUS servers for authentication, authorization, and accounting.
To control user access to the Internet, configure MAC authentication on port GigabitEthernet 2/1/1, as
follows:
• Configure the device to detect whether a user has gone offline every 180 seconds. If a user fails
MAC authentication, deny the user for 180 seconds.
• Configure all users to belong to the ISP domain bbb.
• Use a shared user account for all users, with the username aaa and password 123 456 .
Figure 37 Network diagram