Configuration procedure
Configuration procedures for the host and RADIUS servers are not shown.
1. Configure the RADIUS protocol:
Configure the RADIUS authentication/accounting and ISP domain settings the same as in
"Configuring the userLoginWithOUI mode."
2. Configure port security:
# Enable port security.
<Device> system-view
[Device] port-security enable
# Use MAC-based user accounts for MAC authentication users. Each MAC address must be
hyphenated and in lowercase.
[Device] mac-authentication user-name-format mac-address with-hyphen lowercase
# Specify ISP domain sun for MAC authentication.
[Device] mac-authentication domain sun
# Set the 802.1X authentication method to CHAP. (This configuration is optional. By default, the
authentication method is CHAP for 802.1X.)
[Device] dot1x authentication-method chap
# Set port security's limit on the number of MAC addresses to 64 on the port.
[Device] interface ethernet 1/1
[Device-Ethernet1/1] port-security max-mac-count 64
# Set the port security mode to macAddressElseUserLoginSecure.
[Device-Ethernet1/1] port-security port-mode mac-else-userlogin-secure
# Set the NTK mode of the port to ntkonly.
[Device-Ethernet1/1] port-security ntk-mode ntkonly
Verifying the configuration
# Display the port security configuration.
<Device> display port-security interface ethernet 1/1
Equipment port-security is enabled
Trap is disabled
Disableport Timeout: 20s
OUI value:
Ethernet1/1 is link-up
Port mode is macAddressElseUserLoginSecure
NeedToKnow mode is NeedToKnowOnly
Intrusion Protection mode is NoAction
Max MAC address number is 64
Stored MAC address number is 0
Authorization is permitted
Security MAC address learning mode is sticky
Security MAC address aging type is absolute
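An added example, not part of the original guide: a Python check that parses the display port-security interface output above and reports every field that differs from what this procedure configures. The names parse, audit and EXPECTED are assumptions of the example, and the sample text is constructed from the output shown above.

```python
import re

# Constructed sample: single-interface output as shown in the verification step.
SAMPLE = """\
 Equipment port-security is enabled
 Trap is disabled
 Disableport Timeout: 20s
 OUI value:
 Ethernet1/1 is link-up
 Port mode is macAddressElseUserLoginSecure
 NeedToKnow mode is NeedToKnowOnly
 Intrusion Protection mode is NoAction
 Max MAC address number is 64
 Stored MAC address number is 0
 Authorization is permitted
 Security MAC address learning mode is sticky
 Security MAC address aging type is absolute
"""

# Values the configuration procedure sets (assumed baseline for this example).
EXPECTED = {
    "Equipment port-security": "enabled",
    "Port mode": "macAddressElseUserLoginSecure",
    "NeedToKnow mode": "NeedToKnowOnly",
    "Max MAC address number": "64",
}

# Matches "key is value" and "key: value" lines; the value may be empty.
LINE = re.compile(r"^\s*(?P<key>.+?)(?:\s+is\s+|:\s*)(?P<value>.*?)\s*$")

def parse(output):
    """Return {field: value} for one interface's display output."""
    fields = {}
    for line in output.splitlines():
        m = LINE.match(line)
        if m:
            fields[m.group("key")] = m.group("value")
    return fields

def audit(output, expected=EXPECTED):
    """Return (field, expected, actual) for each mismatch; actual is None if absent."""
    fields = parse(output)
    return [(k, v, fields.get(k)) for k, v in expected.items() if fields.get(k) != v]

if __name__ == "__main__":
    print(audit(SAMPLE) or "port security matches the configured baseline")
```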
# Display MAC authentication information.
<Device> display mac-authentication interface ethernet 1/1
MAC address authentication is enabled.
User name format is MAC address in lowercase,like xx-xx-xx-xx-xx-xx
Fixed username:mac