Controlled User(s) amount to 1
In addition, the port allows an additional user whose MAC address has an OUI among the specified
OUIs to access the port.
# Display MAC address information for interface Ethernet 1/0/1.
<Device> display mac-address interface ethernet 1/0/1
MAC ADDR        VLAN ID  STATE    PORT INDEX     AGING TIME(s)
1234-0300-0011  1        Learned  Ethernet1/0/1  AGING
--- 1 mac address(es) found ---
Configuring the macAddressElseUserLoginSecure mode
Network requirements
As shown in Figure 89, a client is connected to the Device through Ethernet 1/0/1. The Device
authenticates the client through a RADIUS server. If the authentication succeeds, the client is
authorized to access the Internet.
Restrict port Ethernet 1/0/1 of the Device:
• Allow more than one MAC authenticated user to log on.
• For 802.1X users, perform MAC authentication first and then, if MAC authentication fails, 802.1X
authentication. Allow only one 802.1X user to log on.
• Set a fixed username and password for MAC authentication. Set the total number of MAC
authenticated users and 802.1X authenticated users to 64.
• Enable NTK to prevent frames from being sent to unknown MAC addresses.
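The admission rules listed above, expressed as a small Python model (an added example, not part of the original guide and not vendor code). The class and function names are hypothetical, authentication outcomes are passed in by the caller in place of the RADIUS server, and the MAC addresses are constructed.

```python
# Simplified model of a port in macAddressElseUserLoginSecure mode with NTK.
# Assumption: auth results are supplied by the caller (stand-in for RADIUS).

class SecurePort:
    def __init__(self, max_total=64, max_dot1x=1):
        self.max_total = max_total    # MAC + 802.1X users combined (64 here)
        self.max_dot1x = max_dot1x    # only one 802.1X user may be online
        self.users = {}               # source MAC -> "mac-auth" | "802.1x"

    def admit(self, mac, is_dot1x_client, mac_auth_ok, dot1x_ok=False):
        """Return how the source MAC was admitted, or "reject"."""
        if mac in self.users:
            return self.users[mac]            # already online
        if len(self.users) >= self.max_total:
            return "reject"                   # combined user limit reached
        if mac_auth_ok:                       # MAC authentication is tried first
            self.users[mac] = "mac-auth"
            return "mac-auth"
        # 802.1X is only the fallback, and only for clients that speak 802.1X
        online = sum(1 for how in self.users.values() if how == "802.1x")
        if is_dot1x_client and dot1x_ok and online < self.max_dot1x:
            self.users[mac] = "802.1x"
            return "802.1x"
        return "reject"

    def ntk_forward(self, dst_mac):
        """NTK: send a frame out of the port only to an authenticated MAC."""
        return dst_mac in self.users


def demo():
    port = SecurePort()
    results = [
        # plain host, MAC authentication succeeds
        port.admit("0001-0000-0001", False, mac_auth_ok=True),
        # 802.1X client, MAC authentication fails, 802.1X succeeds
        port.admit("0001-0000-0002", True, mac_auth_ok=False, dot1x_ok=True),
        # second 802.1X client: the single 802.1X slot is already taken
        port.admit("0001-0000-0003", True, mac_auth_ok=False, dot1x_ok=True),
        # plain host failing MAC authentication has no fallback
        port.admit("0001-0000-0004", False, mac_auth_ok=False),
    ]
    return results, port.ntk_forward("0001-0000-0002"), port.ntk_forward("0001-0000-0003")


if __name__ == "__main__":
    print(demo())
```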
Configuration procedure
NOTE:
Configurations on the host and RADIUS servers are not shown.
1. Configure the RADIUS protocol.
Configure the RADIUS authentication/accounting and ISP domain settings the same as in Configuring
the userLoginWithOUI mode.
2. Configure port security.
# Enable port security.
<Device> system-view
[Device] port-security enable
# Configure a MAC authentication user, setting the username and password to aaa and 123456
respectively.
[Device] mac-authentication user-name-format fixed account aaa password simple 123456
# Specify ISP domain sun for MAC authentication.
[Device] mac-authentication domain sun
[Device] interface ethernet 1/0/1
# Set the 802.1X authentication method to CHAP. (This configuration is optional. By default, the
authentication method is CHAP for 802.1X.)