84MAC Addr Auth state00e0-fc12-3456 authenticatedRADIUS-based MAC authentication configuration exampleNetwork requirementsAs shown in Figure 33, a host is connected to port Ten-GigabitEthernet 1/0/1 of the device. The deviceuses RADIUS servers for authentication, authorization, and accounting.To control user access to the Internet, configure MAC authentication on port Ten-GigabitEthernet 1/0/1,as follows:• Configure the device to detect whether a user has gone offline every 180 seconds, and if a user failsauthentication, deny the user for 180 seconds.• Configure all users to belong to the ISP domain 2000.• Use a shared user account for all users, with the username aaa and password 123456.Figure 33 Network diagramConfiguration procedure1. Make sure the RADIUS server and the access device can reach each other.2. Create a shared account for MAC authentication users on the RADIUS server, and set theusername aaa and password 123456 for the account. (Details not shown.)3. Configure RADIUS-based MAC authentication on the device:# Configure a RADIUS scheme. system-view[Device] radius scheme 2000[Device-radius-2000] primary authentication 10.1.1.1 1812[Device-radius-2000] primary accounting 10.1.1.2 1813[Device-radius-2000] key authentication simple abc[Device-radius-2000] key accounting simple abc[Device-radius-2000] user-name-format without-domain[Device-radius-2000] quit# Apply the RADIUS scheme to ISP domain 2000 for authentication, authorization, andaccounting.[Device] domain 2000[Device-isp-2000] authentication default radius-scheme 2000[Device-isp-2000] authorization default radius-scheme 2000