Network diagram, Configuration procedure, Network requirements – H3C Technologies H3C S3600 Series Switches User Manual
Network diagram
Figure 1-5 Network diagram for port security mode autoLearn
Configuration procedure
# Enter system view.
<Switch> system-view
# Enable port security.
[Switch] port-security enable
# Enter Ethernet1/0/1 port view.
[Switch] interface Ethernet 1/0/1
# Set the maximum number of MAC addresses allowed on the port to 80.
[Switch-Ethernet1/0/1] port-security max-mac-count 80
# Set the port security mode to autoLearn.
[Switch-Ethernet1/0/1] port-security port-mode autolearn
# Add the MAC address 0001-0002-0003 of Host as a secure MAC address to the port in VLAN 1.
[Switch-Ethernet1/0/1] mac-address security 0001-0002-0003 vlan 1
# Configure the port to be silent for 30 seconds after intrusion protection is triggered.
[Switch-Ethernet1/0/1] port-security intrusion-mode disableport-temporarily
[Switch-Ethernet1/0/1] quit
[Switch] port-security timer disableport 30
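A check that a recorded command session contains each step the procedure above uses for an autoLearn port. This is an added example, not part of the H3C manual: the session text is a constructed copy of the commands above, the function names are hypothetical, and the prompt parsing assumes a device name without hyphens.

```python
import re

# Constructed sample: the commands from the procedure above, in prompt form.
SESSION = """\
[Switch] port-security enable
[Switch] interface Ethernet 1/0/1
[Switch-Ethernet1/0/1] port-security max-mac-count 80
[Switch-Ethernet1/0/1] port-security port-mode autolearn
[Switch-Ethernet1/0/1] mac-address security 0001-0002-0003 vlan 1
[Switch-Ethernet1/0/1] port-security intrusion-mode disableport-temporarily
[Switch-Ethernet1/0/1] quit
[Switch] port-security timer disableport 30
"""

# "[Switch]" is system view; "[Switch-Ethernet1/0/1]" is a port view.
PROMPT = re.compile(r"^\[(?P<host>[^\]-]+)(?:-(?P<view>[^\]]+))?\]\s*(?P<cmd>.+)$")

def parse_session(text):
    """Split prompt-prefixed lines into system-view and per-port commands."""
    global_cmds, ports = [], {}
    for line in text.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # '# ...' comments, blank lines, user-view lines
        cmd = " ".join(m.group("cmd").split())
        if m.group("view"):
            ports.setdefault(m.group("view"), []).append(cmd)
        else:
            global_cmds.append(cmd)
    return global_cmds, ports

def audit(text):
    """Return findings for every port that was put into autolearn mode."""
    global_cmds, ports = parse_session(text)
    findings = []
    if "port-security enable" not in global_cmds:
        findings.append("global: port security is not enabled")
    for port, cmds in ports.items():
        if "port-security port-mode autolearn" not in cmds:
            continue
        if not any(c.startswith("port-security max-mac-count ") for c in cmds):
            findings.append(f"{port}: autolearn without max-mac-count")
        modes = [c.split()[-1] for c in cmds if c.startswith("port-security intrusion-mode ")]
        if not modes:
            findings.append(f"{port}: no intrusion-mode configured")
        elif modes[-1] == "disableport-temporarily" and not any(
                c.startswith("port-security timer disableport ") for c in global_cmds):
            findings.append(f"{port}: disableport-temporarily without a disableport timer")
    return findings
```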
Port Security Mode macAddressWithRadius Configuration Example
Network requirements
The host connects to the switch through port Ethernet 1/0/1, and the switch authenticates the host with
a RADIUS server. If the authentication succeeds, the host is authorized to access the Internet.
Restrict port Ethernet 1/0/1 of the switch as follows:
- The switch performs MAC authentication for users.
- All users belong to the domain aabbcc.net, and each of them uses the MAC address as username
  and password for authentication.
- Whenever a packet fails MAC authentication, intrusion protection is triggered to filter packets
  whose source MAC addresses are the same as that of the packet failing the authentication,
  ensuring the security of the port.