Configuring The Macaddresselseuserloginsecure Mode - H3C S5500-SI Series Operation Manual

Hide thumbs Also See for S5500-SI Series:

Table of Contents

EAPOL Packet: Tx 16331, Rx 102

Sent EAP Request/Identity Packets : 16316

EAP Request/Challenge Packets: 6

EAP Success Packets: 4, Fail Packets: 5

Received EAPOL Start Packets : 6

EAPOL LogOff Packets: 2

EAP Response/Identity Packets : 80

EAP Response/Challenge Packets: 6

Error Packets: 0

1. Authenticated user : MAC address: 0002-0000-0011

Controlled User(s) amount to 1

In addition, the port allows an additional user whose MAC address has an OUI among the specified

OUIs to access the port. You can use the following command to view the related information:

<Switch> display mac-address interface gigabitethernet 1/0/1

1234-0300-0011

1 mac address(es) found

Configuring the macAddressElseUserLoginSecure Mode

Network requirements

The client is connected to the switch through GigabitEthernet 1/0/1. The switch authenticates the client

by the RADIUS server. If the authentication succeeds, the client is authorized to access the Internet.

Restrict port GigabitEthernet 1/0/1 of the switch as follows:

Allow more than one MAC authenticated user to log on.

For 802.1X users, perform MAC authentication first and then, if MAC authentication fails, 802.1X

authentication. Allow only one 802.1X user to log on.

Set fixed username and password for MAC-based authentication. Set the total number of MAC

authenticated users and 802.1X-authenticated users to 64.

Enable NTK to prevent frames from being sent to unknown MAC addresses.

Configuration procedure

Configurations on the host and RADIUS servers are omitted.

Configure the RADIUS protocol

The required RADIUS authentication/accounting configurations are the same as those in

the userLoginWithOUI

GigabitEthernet1/0/1

AGING TIME(s)

Table of Contents