Network requirements – H3C Technologies H3C S6300 Series Switches User Manual
Page 172
157
Access-limit: Disabled
Access-Count: 0
lan-access Authentication Scheme: radius: radsun
lan-access Authorization Scheme: radius: radsun
lan-access Accounting Scheme: radius: radsun
default Authentication Scheme: local
default Authorization Scheme: local
default Accounting Scheme: local
Authorzation attributes :
Idle-cut : Disable
# Display the port security configuration.
[Device] display port-security interface ten-gigabitethernet 1/0/1
Port security is enabled globally
AutoLearn aging time is 0 minutes
Disableport Timeout: 20s
OUI value:
Index is 1, OUI value is 123401
Index is 2, OUI value is 123402
Index is 3, OUI value is 123403
Index is 4, OUI value is 123404
Index is 5, OUI value is 123405
Ten-GigabitEthernet1/0/1 is link-up
Port mode : userLoginWithOUI
NeedToKnow mode: Disabled
Intrusion protection mode: NoAction
Max number of secure MAC addresses: Not configured
Current number of secure MAC addresses: 1
Authorization is permitted
After an 802.1X user goes online, you can see that the number of secure MAC addresses saved by the
port is 1. You can use the display dot1x command to display information about online 802.1X users.
The port also allows one user whose MAC address has an OUI among the specified OUIs to pass
authentication. You can use the following command to display the MAC address information for the port:
[Device] display mac-address interface ten-gigabitethernet 1/0/1
MAC Address VLAN ID State Port Aging
1234-0300-0011 1 Learned Ten-GigabitEthernet1/0/1 Y
macAddressElseUserLoginSecure configuration example
Network requirements
As shown in
, a client is connected to the device through Ten-GigabitEthernet 1/0/1. The
device authenticates the client by a RADIUS server. If the authentication succeeds, the client is authorized
to access the Internet.
Restrict port Ten-GigabitEthernet 1/0/1 of the device as follows:
•
Allow more than one MAC authenticated user to log on.