227Guest VLAN auth-period : 30 sCritical VLAN : Not configuredHost mode : Single VLANOffline detection : EnabledMax online users : 4294967295Authentication attempts : successful 1, failed 0Current online users : 1MAC address Auth state00e0-fc12-3456 AuthenticatedExample: Configuring ACL assignment for MACauthenticationNetwork configurationAs shown in Figure 71, configure the device to meet the following requirements:• Use RADIUS servers to perform authentication, authorization, and accounting for users.• Perform MAC authentication on GigabitEthernet 1/0/1 to control Internet access.• Use MAC-based user accounts for MAC authentication users. Each MAC address is in thehexadecimal notation with hyphens, and letters are in lower case.• Use an ACL to deny authenticated users to access the FTP server at 10.0.0.1.Figure 71 Network diagramProcedureMake sure the RADIUS servers and the access device can reach each other.1. Configure ACL 3000 to deny packets destined for 10.0.0.1. system-view[Device] acl advanced 3000[Device-acl-ipv4-adv-3000] rule 0 deny ip destination 10.0.0.1 0[Device-acl-ipv4-adv-3000] quit2. Configure RADIUS-based MAC authentication on the device:# Configure a RADIUS scheme.[Device] radius scheme 2000[Device-radius-2000] primary authentication 10.1.1.1 1812[Device-radius-2000] primary accounting 10.1.1.2 1813[Device-radius-2000] key authentication simple abc