Configuring the macaddresselseuserloginsecure mode, Network requirements, Configuration procedure – H3C Technologies H3C S7500E Series Switches User Manual
Page 187
9-19
Handshake is enabled
802.1X unicast-trigger is disabled
Periodic reauthentication is disabled
The port is an authenticator
Authentication Mode is Auto
Port Control Type is Mac-based
802.1X Multicast-trigger is enabled
Mandatory authentication domain: NOT configured
Guest VLAN: NOT configured
Auth-Fail VLAN: NOT configured
Max number of on-line users is 1024
EAPOL Packet: Tx 16331, Rx 102
Sent EAP Request/Identity Packets : 16316
EAP Request/Challenge Packets: 6
EAP Success Packets: 4, Fail Packets: 5
Received EAPOL Start Packets : 6
EAPOL LogOff Packets: 2
EAP Response/Identity Packets : 80
EAP Response/Challenge Packets: 6
Error Packets: 0
1. Authenticated user : MAC address: 0002-0000-0011
Controlled User(s) amount to 1
In addition, the port allows an additional user whose MAC address has an OUI among the specified
OUIs to access the port. You can use the following command to view the related information:
MAC ADDR VLAN ID STATE PORT INDEX AGING TIME(s)
1234-0300-0011 1 Learned GigabitEthernet2/0/1 AGING
--- 1 mac address(es) found ---
Configuring the macAddressElseUserLoginSecure Mode
Network requirements
As shown in
a client is connected to the switch through GigabitEthernet 2/0/1. The switch
authenticates the client by a RADIUS server. If the authentication succeeds, the client is authorized to
access the Internet.
Restrict port GigabitEthernet 2/0/1 of the switch as follows:
z
Allow more than one MAC authenticated user to log on.
z
For 802.1X users, perform MAC authentication first and then, if MAC authentication fails, 802.1X
authentication. Allow only one 802.1X user to log on.
z
Set fixed username and password for MAC authentication. Set the total number of MAC
authenticated users and 802.1X authenticated users to 64.
z
Enable NTK to prevent frames from being sent to unknown MAC addresses.
Configuration procedure