
Guest vlan configuration example, Network requirements – H3C Technologies H3C S3600 Series Switches User Manual

[Switch-radius-radius1] timer realtime-accounting 15

# Configure the switch to send a username without the domain name to the RADIUS server.

[Switch-radius-radius1] user-name-format without-domain

[Switch-radius-radius1] quit

# Create a domain named aabbcc.net and enter its view.

[Switch] domain aabbcc.net

# Specify the RADIUS scheme for the domain.

[Switch-isp-aabbcc.net] scheme radius-scheme radius1

# Enable the idle disconnecting function and set the related parameters.

[Switch-isp-aabbcc.net] idle-cut enable 20 2000

[Switch-isp-aabbcc.net] quit

# Set aabbcc.net as the default user domain.

[Switch] domain default enable aabbcc.net

# Configure the switch to use the MAC address as username and password for authentication, specifying that the MAC address should be lowercase without separators.

[Switch] mac-authentication authmode usernameasmacaddress usernameformat without-hyphen

# Specify the ISP domain for MAC authentication.

[Switch] mac-authentication domain aabbcc.net

# Enable port security.

[Switch] port-security enable

# Set the port security mode to macAddressAndUserLoginSecureExt.

[Switch] interface Ethernet 1/0/1

[Switch-Ethernet1/0/1] port-security port-mode mac-and-userlogin-secure-ext
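An added example, not part of the H3C manual: with `user-name-format without-domain` and `usernameasmacaddress usernameformat without-hyphen`, the RADIUS server has to hold each MAC-authenticated device as a bare, lowercase, 12-hex-digit user name with the same string as its password. The Python sketch below normalizes an asset list into that form and rejects unusable entries; the FreeRADIUS `users` file syntax, the function names and the sample inventory are assumptions.

```python
import re

# Constructed sample inventory: (label, MAC) in the mixed notations asset lists use.
SAMPLE_INVENTORY = [
    ("printer-2f", "00-11-22-AA-BB-CC"),
    ("printer-3f", "0011.22aa.bbcd"),
    ("printer-2f-dup", "00:11:22:aa:bb:cc"),  # same device, other notation
    ("bad-entry", "00-11-22-AA-BB"),          # only five octets
    ("mcast", "01:00:5e:00:00:fb"),           # group address, never a source MAC
]


def mac_username(mac):
    """Return the MAC in the form the switch sends: lowercase hex, no separators."""
    bare = re.sub(r"[-:.]", "", mac.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", bare):
        raise ValueError("not a 48-bit MAC address: %r" % mac)
    if int(bare[:2], 16) & 0x01:
        raise ValueError("group (multicast/broadcast) address: %r" % mac)
    return bare


def build_users_entries(inventory):
    """Build FreeRADIUS-style 'users' lines (assumed server) plus a reject list."""
    entries, rejected, seen = [], [], {}
    for label, mac in inventory:
        try:
            user = mac_username(mac)
        except ValueError as exc:
            rejected.append((label, str(exc)))
            continue
        if user in seen:
            rejected.append((label, "duplicate of %s" % seen[user]))
            continue
        seen[user] = label
        # User name and password are both the bare MAC, with no "@aabbcc.net"
        # suffix, because the scheme sends user names without the domain.
        entries.append('%s Cleartext-Password := "%s"' % (user, user))
    return entries, rejected


if __name__ == "__main__":
    entries, rejected = build_users_entries(SAMPLE_INVENTORY)
    print("\n".join(entries))
    for label, reason in rejected:
        print("# skipped %s: %s" % (label, reason))
```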

Guest VLAN Configuration Example

Network requirements

As shown in Figure 1-10, Ethernet 1/0/2 connects to a PC and a printer, which are not used at the same time. Configure the port to operate in macAddressOrUserLoginSecure mode and specify a guest VLAN for the port.

- The PC must pass 802.1X authentication to connect to the network, while the printer must pass MAC authentication to achieve network connectivity.

- The switch's port Ethernet 1/0/3 connects to the Internet. This port is assigned to VLAN 1. Normally, the port Ethernet 1/0/2 is also assigned to VLAN 1.

- VLAN 10 is intended to be a guest VLAN. It contains an update server for users to download and upgrade their client software. When a user fails authentication, port Ethernet 1/0/2 is added to VLAN 10. Then the user can access only VLAN 10. The port goes back to VLAN 1 when the user passes authentication.
