
Network requirements – H3C Technologies H3C S3600 Series Switches User Manual


[Switch-radius-radius1] timer realtime-accounting 15

# Configure the switch to send a username without the domain name to the RADIUS server.

[Switch-radius-radius1] user-name-format without-domain

[Switch-radius-radius1] quit

# Create a domain named aabbcc.net and enter its view.

[Switch] domain aabbcc.net

# Specify the RADIUS scheme for the domain.

[Switch-isp-aabbcc.net] scheme radius-scheme radius1

# Enable the idle disconnecting function and set the related parameters.

[Switch-isp-aabbcc.net] idle-cut enable 20 2000

[Switch-isp-aabbcc.net] quit

# Set aabbcc.net as the default user domain.

[Switch] domain default enable aabbcc.net

# Set the maximum number of concurrent 802.1X users.

[Switch] dot1x max-user 64

# Configure the switch to use MAC addresses as usernames for authentication, specifying that the MAC addresses should be lowercase without separators.

[Switch] mac-authentication authmode usernameasmacaddress usernameformat without-hyphen

# Specify the ISP domain for MAC authentication.

[Switch] mac-authentication domain aabbcc.net

# Enable port security.

[Switch] port-security enable

# Set the maximum number of secure MAC addresses allowed on the port to 200.

[Switch] interface Ethernet 1/0/1

[Switch-Ethernet1/0/1] port-security max-mac-count 200

# Set the port security mode to mac-else-userlogin-secure-ext.

[Switch-Ethernet1/0/1] port-security port-mode mac-else-userlogin-secure-ext

# Set the NTK mode of the port to ntkonly.

[Switch-Ethernet1/0/1] port-security ntk-mode ntkonly
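
The following is an added example, not part of the H3C manual: a Python check that reads a prompt-prefixed transcript of the commands above and reports steps that are missing or inconsistent with each other. The transcript is constructed from this page's commands; the function names, and the assumption that each prompt names its view under the sysname Switch, belong to this example.

```python
import re

# Constructed sample: commands from this page, as a prompt-prefixed transcript.
TRANSCRIPT = """\
[Switch] domain aabbcc.net
[Switch-isp-aabbcc.net] scheme radius-scheme radius1
[Switch-isp-aabbcc.net] quit
[Switch] domain default enable aabbcc.net
[Switch] mac-authentication authmode usernameasmacaddress usernameformat without-hyphen
[Switch] mac-authentication domain aabbcc.net
[Switch] port-security enable
[Switch] interface Ethernet 1/0/1
[Switch-Ethernet1/0/1] port-security max-mac-count 200
[Switch-Ethernet1/0/1] port-security port-mode mac-else-userlogin-secure-ext
[Switch-Ethernet1/0/1] port-security ntk-mode ntkonly
"""

# Assumption: every line is "[view] command" and the sysname is "Switch".
PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s+(?P<cmd>.+)$")

def parse(transcript):
    """Group commands by the view named in each prompt."""
    views = {}
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if m and m["cmd"] != "quit":
            views.setdefault(m["view"], []).append(m["cmd"])
    return views

def audit(transcript, port="Ethernet1/0/1"):
    """Return a list of findings; an empty list means no step is missing."""
    views = parse(transcript)
    sysv = views.get("Switch", [])
    portv = views.get(f"Switch-{port}", [])
    findings = []
    if "port-security enable" not in sysv:
        findings.append("port security is not enabled globally")
    for key in ("max-mac-count", "port-mode", "ntk-mode"):
        if not any(c.startswith(f"port-security {key} ") for c in portv):
            findings.append(f"{port}: port-security {key} not set")
    mac_dom = [c.split()[-1] for c in sysv if c.startswith("mac-authentication domain ")]
    created = {c.split()[1] for c in sysv if re.fullmatch(r"domain \S+", c)}
    for d in mac_dom:
        if d not in created:
            findings.append(f"MAC authentication domain {d} is never created")
        elif not any(c.startswith("scheme radius-scheme ") for c in views.get(f"Switch-isp-{d}", [])):
            findings.append(f"domain {d} has no RADIUS scheme")
    if not mac_dom:
        findings.append("no ISP domain specified for MAC authentication")
    return findings
```

Calling audit(TRANSCRIPT) returns an empty list for the transcript above; it works on a typed command transcript, not on saved configuration output.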

Port Security Mode macAddressAndUserLoginSecureExt Configuration Example

Network requirements

The host connects to the switch through port Ethernet 1/0/1, and the switch authenticates the host with a RADIUS server. After the authentication succeeds, the host is authorized to access the Internet.

Restrict Ethernet 1/0/1 of the switch as follows:

- Perform MAC authentication for users and then 802.1X authentication after MAC authentication succeeds.

- All users belong to the domain aabbcc.net, and each user uses the MAC address of the host as the username and password for authentication.
