Network requirements – H3C Technologies H3C S3600 Series Switches User Manual

[Switch-isp-aabbcc.net] quit

# Set aabbcc.net as the default user domain.

[Switch] domain default enable aabbcc.net

# Create a local user.

[Switch] local-user localuser

[Switch-luser-localuser] service-type lan-access

[Switch-luser-localuser] password simple localpass

Configure port security

# Enable port security.

[Switch] port-security enable

# Add two OUI values.

[Switch] port-security oui 1234-0100-1111 index 1

[Switch] port-security oui 1234-0200-1111 index 2

# Set the port security mode to userlogin-withoui.

[Switch] interface Ethernet 1/0/1

[Switch-Ethernet1/0/1] port-security port-mode userlogin-withoui

[Switch-Ethernet1/0/1] quit

# Configure port security trapping.

[Switch] port-security trap dot1xlogfailure

[Switch] port-security trap dot1xlogon

[Switch] port-security trap dot1xlogoff
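
The OUI step above enters 48-bit values, so it helps to check which prefix each entry actually contributes. The Python sketch below is an added example, not part of the H3C manual. It assumes the behaviour H3C's command reference describes, that only the first 24 bits of each `port-security oui` value are kept as the OUI, and the source MACs it tests are constructed.

```python
import re
from typing import Dict, Optional

# OUI values exactly as entered in the configuration above (index -> value).
CONFIGURED = {1: "1234-0100-1111", 2: "1234-0200-1111"}

def mac_to_int(mac: str) -> int:
    """Parse H-H-H (leading zeros optional), colon, hyphen or dotted MACs."""
    parts = mac.strip().split("-")
    if len(parts) == 3:                      # H-H-H as used on the switch CLI
        digits = "".join(p.zfill(4) for p in parts)
    else:                                    # aa:bb:cc:dd:ee:ff and similar
        digits = re.sub(r"[:.\-]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)

def oui_of(mac: str) -> int:
    """Top 24 bits of the address (assumed to be all the switch keeps)."""
    return mac_to_int(mac) >> 24

def format_oui(oui: int) -> str:
    return "-".join(f"{(oui >> shift) & 0xFF:02X}" for shift in (16, 8, 0))

def effective_ouis(configured: Dict[int, str]) -> Dict[int, str]:
    """Map each index to the 24-bit OUI derived from the configured value."""
    return {idx: format_oui(oui_of(val)) for idx, val in configured.items()}

def matching_index(src_mac: str, configured: Dict[int, str]) -> Optional[int]:
    """Index of the first configured OUI matching src_mac, or None."""
    src = oui_of(src_mac)
    for idx in sorted(configured):
        if oui_of(configured[idx]) == src:
            return idx
    return None

if __name__ == "__main__":
    print(effective_ouis(CONFIGURED))
    # Constructed source MACs: two inside the configured prefixes, one outside.
    for mac in ("1234-01ab-cdef", "12:34:02:00:00:01", "1234-0300-1111"):
        print(mac, "->", matching_index(mac, CONFIGURED))
```

Under that assumption the trailing `00-1111` of each configured value has no effect, and each entry matches all 2^24 source addresses under its prefix, so OUI entries are best limited to the vendor prefixes actually expected on the port.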

Port Security Mode macAddressElseUserLoginSecureExt Configuration Example

Network requirements

The host connects to the switch through port Ethernet 1/0/1, and the switch authenticates the host with a RADIUS server. If the authentication succeeds, the host is authorized to access the Internet.

Restrict port Ethernet 1/0/1 of the switch as follows:

- Perform MAC authentication of users and then 802.1X authentication if MAC authentication fails.

- Allow up to 64 802.1X authenticated users to get online. The total number of 802.1X authenticated users and MAC authenticated users cannot exceed 200.

- All users belong to the domain aabbcc.net, and each user uses the MAC address of the host as the username and password for authentication.

- Enable the NTK feature to prevent packets from being sent to unknown destination MAC addresses.