beautypg.com

Userloginwithoui configuration example, Network requirements – H3C Technologies H3C S6300 Series Switches User Manual

Page 169

background image

154

Ten-GigabitEthernet1/0/1 is link-up

Port mode: autoLearn

NeedToKnow mode: Disabled

Intrusion protection mode: DisablePortTemporarily

Max number of secure MAC addresses: 64

Current number of secure MAC addresses: 5

Authorization is permitted

The output shows that the port security's limit on the number of secure MAC addresses on the port is 64,
the port security mode is autoLearn, and the intrusion protection action is disabling the port

(DisablePortTemporarily) for 30 seconds.
After the configuration takes effect, the port allows for MAC address learning, and you can view the

number of learned MAC addresses in the Current number of secure MAC addresses field. To view more
information about the learned MAC addresses, use the display this command in Layer 2 Ethernet

interface view.

[Device] interface ten-gigabitethernet 1/0/1

[Device-Ten-GigabitEthernet1/0/1] display this

#

interface Ten-GigabitEthernet1/0/1

port-security max-mac-count 64

port-security port-mode autolearn

port-security mac-address security sticky 0002-0000-0015 vlan 1

port-security mac-address security sticky 0002-0000-0014 vlan 1

port-security mac-address security sticky 0002-0000-0013 vlan 1

port-security mac-address security sticky 0002-0000-0012 vlan 1

port-security mac-address security sticky 0002-0000-0011 vlan 1

#

Execute the display port-security interface command after the number of MAC addresses learned by the

port reaches 64. You can see that the port security mode has changed to secure.
When any frame with a new MAC address arrives, intrusion protection is triggered and you see the port

has been disabled. The port should be re-enabled 30 seconds later.
After the port is re-enabled, delete several secure MAC addresses. You can see that the port security

mode of the port changes to autoLearn, and the port can learn MAC addresses again.

userLoginWithOUI configuration example

Network requirements

As shown in

Figure 64

, a client is connected to the device through port Ten-GigabitEthernet 1/0/1. The

device authenticates the client with a RADIUS server. If the authentication succeeds, the client is

authorized to access the Internet.

The RADIUS server at 192.168.1.2 functions as the primary authentication server and the secondary
accounting server, and the RADIUS server at 192.168.1.3 functions as the secondary authentication

server and the primary accounting server. The shared key for authentication is name, and that for

accounting is money.

All users use the authentication, authorization, and accounting methods of ISP domain sun.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: