Port Security Mode macAddressAndUserLoginSecureExt Configuration Example - H3C S5600 Series Operation Manual


# Set the timer for the switch to send real-time accounting packets to the RADIUS server to 15 minutes.
[Switch-radius-radius1] timer realtime-accounting 15
# Configure the switch to send a username without the domain name to the RADIUS server.
[Switch-radius-radius1] user-name-format without-domain
[Switch-radius-radius1] quit
# Create a domain named aabbcc.net and enter its view.
[Switch] domain aabbcc.net
# Specify the RADIUS scheme for the domain.
[Switch-isp-aabbcc.net] scheme radius-scheme radius1
# Enable the idle disconnecting function and set the related parameters.
[Switch-isp-aabbcc.net] idle-cut enable 20 2000
[Switch-isp-aabbcc.net] quit
# Set aabbcc.net as the default user domain.
[Switch] domain default enable aabbcc.net
# Set the maximum number of concurrent 802.1X users.
[Switch] dot1x max-user 64
# Configure the switch to use MAC addresses as usernames for authentication, specifying that the MAC addresses should be lowercase without separators.
[Switch] mac-authentication authmode usernameasmacaddress usernameformat without-hyphen
# Specify the ISP domain for MAC authentication.
[Switch] mac-authentication domain aabbcc.net
# Enable port security.
[Switch] port-security enable
# Set the maximum number of secure MAC addresses allowed on the port to 200.
[Switch] interface gigabitethernet 1/0/1
[Switch-GigabitEthernet1/0/1] port-security max-mac-count 200
# Set the port security mode to mac-else-userlogin-secure-ext.
[Switch-GigabitEthernet1/0/1] port-security port-mode mac-else-userlogin-secure-ext
# Set the NTK mode of the port to ntkonly.
[Switch-GigabitEthernet1/0/1] port-security ntk-mode ntkonly
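An added example, not part of the H3C manual: a Python check that a saved configuration still carries the port-security commands configured above, so drift on an access port is caught. It assumes the dump lists commands as they are typed, with `#` or blank lines separating views; the names `norm`, `parse_config`, `audit` and `SAMPLE`, and the use of 200 as an audit ceiling, are this example's own.

```python
import re

# Commands the page configures, as they are typed at the CLI.
REQUIRED_GLOBAL = ["port-security enable", "domain default enable aabbcc.net",
                   "mac-authentication domain aabbcc.net"]
REQUIRED_PORT = ["port-security port-mode mac-else-userlogin-secure-ext",
                 "port-security ntk-mode ntkonly"]
MAX_MAC = re.compile(r"port-security max-mac-count (\d+)")

def norm(name):  # 'gigabitethernet 1/0/1' and 'GigabitEthernet1/0/1' compare equal
    return name.replace(" ", "").lower()

def parse_config(text):  # -> (global lines, {interface: [lines]})
    global_lines, ports, current = [], {}, None
    for line in map(str.strip, text.splitlines()):
        if not line or line == "#":  # assumed view separator in the dump
            current = None
        elif m := re.match(r"interface\s+(.+)$", line, re.I):
            current = ports.setdefault(norm(m.group(1)), [])
        elif current is not None:
            current.append(line)
        else:
            global_lines.append(line)
    return global_lines, ports

def audit(text, port, max_mac_limit=200):
    """Return findings for one port; an empty list means it matches the page."""
    global_lines, ports = parse_config(text)
    out = [f"global: missing '{c}'" for c in REQUIRED_GLOBAL if c not in global_lines]
    lines = ports.get(norm(port))
    if lines is None:
        return out + [f"{port}: interface not in config"]
    out += [f"{port}: missing '{c}'" for c in REQUIRED_PORT if c not in lines]
    counts = [int(m.group(1)) for l in lines if (m := MAX_MAC.fullmatch(l))]
    if not counts or counts[-1] > max_mac_limit:
        out.append(f"{port}: max-mac-count unset or above {max_mac_limit}")
    return out

# Constructed sample dump (not from the page); GE1/0/2 drifts from the example.
SAMPLE = """port-security enable
domain default enable aabbcc.net
mac-authentication domain aabbcc.net
#
interface GigabitEthernet1/0/1
 port-security max-mac-count 200
 port-security port-mode mac-else-userlogin-secure-ext
 port-security ntk-mode ntkonly
#
interface GigabitEthernet1/0/2
 port-security max-mac-count 1024"""
```

Calling `audit(SAMPLE, "GigabitEthernet1/0/2")` lists the missing port mode, the missing NTK mode and the oversized MAC limit for that port.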
Port Security Mode macAddressAndUserLoginSecureExt Configuration Example
Network requirements
The host connects to the switch through port GE1/0/1, and the switch authenticates the host with a RADIUS server. After the authentication succeeds, the host is authorized to access the Internet.
Restrict GE1/0/1 of the switch as follows:
Perform MAC authentication for users and then 802.1X authentication after MAC authentication succeeds.
All users belong to the domain aabbcc.net, and each user uses the MAC address of the host as the username and password for authentication.

This manual is also suitable for: S5600-26c, S5600-26c-pwr, S5600-26f, S5600-50c, S5600-50c-pwr