Displaying And Debugging Centralized Mac Address Authentication; Centralized Mac Address Authentication Configuration Example - 3Com 5500-SI Configuration Manual
5500 series
Hide thumbs
Also See for 5500-SI:
- Datasheet (9 pages) ,
- Getting started manual (148 pages) ,
- Quick reference manual (59 pages)
Table of Contents
Advertisement
Displaying and
Debugging Centralized
MAC Address
Authentication
Centralized MAC
Address Authentication
Configuration Example
Server-timeout timer. If the connection between a switch and a RADIUS server
■
times out when the switch authenticates a user on one of its ports, the switch
turns down the user. You can use the server-timeout timer to set the time out
time.
Table 177 lists the operations to set centralized MAC address authentication
■
timers.
Table 177 Set a centralized MAC address authentication timer
Operation
Enter system view
Set a centralized MAC
address authentication
timer
You can display and verify centralized MAC address authentication-related
configuration by executing the display command in any view.
Table 178 Display and debug centralized MAC address authentication
Operation
Display global information
about centralized MAC address
authentication
The configuration of centralized MAC address authentication is the same as that of
802.1x in this example except that:
Centralized MAC address authentication is enabled both globally and for the
■
ports.
For MAC address mode, the user name and password of a user to be
■
authenticated locally need to be configured as the MAC address of the user.
For MAC address mode, the user name and password of a user to be
■
authenticated by a RADIUS server need to be configured as the MAC address of
the user on the RADIUS server.
The following example describes how to enable port-based and global centralized
MAC address authentication, and local user configuration.
1 Enable centralized MAC address authentication on GigabitEthernet1/0/2 port.
<S5500> system-view
[S5500] mac-authentication interface GigabitEthernet 1/0/2
2 Configure centralized MAC address authentication mode to be MAC address mode.
[S5500] mac-authentication authmode usernameasmacaddress
3 Add a local access user.
a Configure the user name and password for the local user.
[S5500] local-user 00-e0-fc-01-01-01
[S5500-luser-00-e0-fc-01-01-01] password simple 00-e0-fc-01-01-01
b Set service type to LAN-access for the local user.
[S5500-luser-00-e0-fc-01-01-01] service-type lan-access
Centralized MAC Address Authentication Configuration 197
Command
system-view
mac-authentication timer {
offline-detect
offline-detect-value | quiet
quiet-value | server-timeout
server-timeout-value }
Command
display
mac-authentication [
interface interface-list ]
Description
Optional
By default, the three MAC address
authentication timers are set as
follows:
Offline-detect timer: 300 seconds
Quiet timer: 1 minute
Server-timeout timer: 100 seconds
Description
Optional
You can execute the display
command in any view.
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
