1-14
# Configure RADIUS scheme 2000.
<Switch> system-view
[Switch] radius scheme 2000
[Switch-radius-2000] primary authentication 10.11.1.1 1812
[Switch-radius-2000] primary accouting 10.11.1.1 1813
[Switch-radius-2000] key authentication abc
[Switch-radius-2000] key accouting abc
[Switch-radius-2000] user-name-format without-domain
[Switch-radius-2000] quit
# Configure the ISP domain and apply the scheme 2000 to the domain.
[Switch] domaim system
[Switch-isp-system] scheme radius-scheme 2000
[Switch-isp-system] quit
# Set the username type for MAC address authentication to MAC address that requires no hyphened
lowercase MAC addresses as the username and password.
[Switch] mac-authentication authmode usernameasmacaddress usernameformat without-hyphen
# Configure the ISP domain for MAC address authentication.
[Switch] mac-authentication domain system
# Enable port security.
[Switch] port-security enable
# Specify the switch to trigger MAC address authentication at an interval of 60 seconds.
[Switch] port-security timer guest-vlan timer 60
# Create VLAN 10 and assign the port Ethernet 1/0/1 to it.
[Switch] vlan 10
[Switch–vlan10] port Ethernet 1/0/1
# Set the security mode of the port Ethernet 1/0/2 to macAddressOrUserLoginSecure.
[Switch] interface Ethernet1/0/2
[Switch-Ethernet1/0/2] port-security port-mode userlogin-secure-or-mac
# specify VLAN 10 as the guest VLAN of the port.
[Switch-Ethernet1/0/2] port-security guest-vlan 10
You can display the guest VLAN configuration information by the display current-configuration or
display interface ethernet 1/0/2 command.
If a user fails the authentication, you can use the display vlan 10 command to view if the guest VLAN
specified for the port is effective.
To Next Page
Loading...
