Figure 1 Networking diagram for configuring MAC address authentication
#
sysname Switch
#
vlan batch 10 20
#
authentication-profile name p1 // In this mode, you can reference multiple ports and modify authentication parameters in batches.
mac-access-profile m1 // Specifies the authentication mode used by the template.
authentication mode multi-authen max-user 100 // applies to the scenario that requires high security and in which multiple data terminals are connected to the network on the device interface. In this access mode, you can configure the maximum number of access users based on the actual user quantity on the interface. This prevents malicious users from occupying a large amount of device resources and ensures that the users on other device interfaces can normally go online.
access-domain huawei.com force // All users connected to the port that references the authentication profile are managed by the domain huawei.com. If this command does not exist, the user is managed in the default global default domain.
#
radius-server template rd1
radius-server shared-key cipher %#%#4*SO-2u,Q.\1C~%[eiB77N/^2wME;6t%6U@qAJ9:%#%#
radius-server authentication 192.168.2.30 1812 weight 80
#
mac-access-profile name m1
#
aaa
authentication-scheme abc
authentication-mode radius
domain huawei.com // A domain is required to manage dumb terminals with MAC address authentication.
authentication-scheme abc
radius-server rd1
#
interface GigabitEthernet1/0/1
port link-type access
port default vlan 10
authentication-profile p1 // Do not forget to apply the created authentication profile to an interface.
#
interface GigabitEthernet1/0/2
port link-type access
port default vlan 20
#
interface Vlanif10
ip address 192.168.1.10 255.255.255.0
#
interface Vlanif20
ip address 192.168.2.10 255.255.255.0
#
return
