Port Security Configuration Examples
GigabitEthernet1/0/1 is link-up
802.1X protocol is enabled
Handshake is enabled
The port is an authenticator
Authentication Mode is Auto
Port Control Type is Mac-based
802.1X Multicast-trigger is enabled
Guest VLAN: 0
Max number of on-line users is 256
EAPOL Packet: Tx 16331, Rx 102
Sent EAP Request/Identity Packets : 16316
EAP Request/Challenge Packets: 6
EAP Success Packets: 4, Fail Packets: 5
Received EAPOL Start Packets : 6
EAPOL LogOff Packets: 2
EAP Response/Identity Packets : 80
EAP Response/Challenge Packets: 6
Error Packets: 0
1. Authenticated user : MAC address: 0002-0000-0011
Controlled User(s) amount to 1
In addition, the port allows an additional user whose MAC address has an OUI
among the specified OUIs to access the port. You can use the following command
to view the related information:
<Switch> display mac-address interface gigabitethernet 1/0/1
MAC ADDR        VLAN ID  STATE    PORT INDEX            AGING TIME(s)
1234-0300-0011  1        Learned  GigabitEthernet1/0/1  AGING
--- 1 mac address(es) found ---
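
The two outputs above can be cross-checked automatically. The following Python script is an added example, not part of the original manual: it confirms that every MAC address on the port is either the 802.1X-authenticated user or a device with a permitted OUI. The OUI value 123403, the function names, and the policy of one 802.1X user plus one OUI-matched device are assumptions, because the configured OUI list and port mode are not shown on this page.

```python
import re

# Constructed sample input: the two display outputs shown above, trimmed to
# the lines this check reads.
DOT1X_OUTPUT = """\
GigabitEthernet1/0/1 is link-up
1. Authenticated user : MAC address: 0002-0000-0011
Controlled User(s) amount to 1
"""
MAC_TABLE_OUTPUT = """\
MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)
1234-0300-0011 1 Learned GigabitEthernet1/0/1 AGING
--- 1 mac address(es) found ---
"""
# Assumption: the OUI list configured on the switch is not on this page, so
# this value is hypothetical (first 24 bits of a permitted MAC, as hex).
ALLOWED_OUIS = {"123403"}

MAC_RE = re.compile(r"\b[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}\b")

def oui(mac):
    """Return the 24-bit OUI of an xxxx-xxxx-xxxx MAC as six hex digits."""
    return mac.replace("-", "").lower()[:6]

def authenticated_macs(dot1x_output):
    """MACs listed on 'Authenticated user' lines of the 802.1X display."""
    return {m.lower() for line in dot1x_output.splitlines()
            if "Authenticated user" in line for m in MAC_RE.findall(line)}

def learned_macs(mac_table_output, port):
    """MACs in the MAC address table rows that belong to the given port."""
    return {m.lower() for line in mac_table_output.splitlines()
            if port in line.split() for m in MAC_RE.findall(line)}

def audit_port(dot1x_output, mac_table_output, port, allowed_ouis):
    """Return findings; an empty list means the port matches the policy."""
    findings = []
    dot1x = authenticated_macs(dot1x_output)
    others = learned_macs(mac_table_output, port) - dot1x
    if len(dot1x) > 1:
        findings.append(f"{len(dot1x)} 802.1X users on {port}, expected at most 1")
    by_oui = [m for m in others if oui(m) in allowed_ouis]
    for mac in sorted(others - set(by_oui)):
        findings.append(f"{mac} is neither 802.1X-authenticated nor OUI-permitted")
    if len(by_oui) > 1:
        findings.append(f"{len(by_oui)} OUI-permitted devices, expected at most 1")
    return findings
```

An empty result from `audit_port` means the port state is consistent with the policy; each string in a non-empty result names one deviation to investigate.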
Port Security Configuration for macAddressElseUserLoginSecure Mode
Network requirements
The client is connected to the switch through GigabitEthernet 1/0/1. The switch
authenticates the client through the RADIUS server. If the authentication succeeds,
the client is authorized to access the Internet.
Restrict port GigabitEthernet 1/0/1 of the switch as follows:
■ Allow more than one MAC authenticated user to log on.
■ For 802.1x users, perform MAC authentication first and then, if MAC
authentication fails, 802.1x authentication. Allow only one 802.1x user to log
on.
■ For MAC-based authentication, allow usernames and passwords in self-defined
formats. Set the total number of MAC authenticated users and
802.1x-authenticated users to 64.
■ Enable NTK to prevent frames from being sent to unknown MAC addresses.
Network diagram
See Figure 353.