Table of Contents
Advertisement
Security MAC address attribute
Learning mode
Aging type
Max secure MAC addresses
Current secure MAC addresses
Authorization
NAS-ID profile is not configured
# Display information about the online 802.1X user to verify 802.1X configuration.
[Device] display dot1x
# Verify that the port also allows one user whose MAC address has an OUI among the specified
OUIs to pass authentication.
[Device] display mac-address interface fortygige 1/1/1
MAC Address
1234-0300-0011
macAddressElseUserLoginSecure configuration example
Network requirements
As shown in
authenticates the client by a RADIUS server. If the authentication succeeds, the client is authorized
to access the Internet.
Configure port FortyGigE 1/1/1 of the device to meet the following requirements:
•
Allow more than one MAC authenticated user to log on.
•
For 802.1X users, perform MAC authentication first and then, if MAC authentication fails,
802.1X authentication. Allow only one 802.1X user to log on.
•
Use the MAC address of each user as the username and password for authentication. A MAC
address is in the hexadecimal notation with hyphens, and letters are in upper case.
•
Set the total number of MAC authenticated users and 802.1X authenticated users to 64.
•
Enable NTK (ntkonly mode) to prevent frames from being sent to unknown MAC addresses.
Figure 73 Network diagram
Configuration procedure
Make sure the host and the RADIUS server can reach each other.
1.
Configure RADIUS authentication/accounting and ISP domain settings. (See
"userLoginWithOUI configuration
2.
Configure port security:
# Enable port security.
<Device> system-view
VLAN ID
State
1
Learned
Figure
73, a client is connected to the device through FortyGigE 1/1/1. The device
: Sticky
: Periodical
: Not configured
: 1
: Permitted
Port
FortyGigE1/1/1
example.")
200
Aging
Y
Advertisement
Table of Contents
Troubleshooting
