Network requirements, Network diagram, Configuration procedure – H3C Technologies H3C WX6000 Series Access Controllers User Manual
Page 151
19-12
In addition, you will see that the port security feature has disabled the port if you issue the following
command:
GigabitEthernet0/0/1 current state: Port Security Disabled
IP Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 000f-cb00-5558
Description: GigabitEthernet0/0/1 Interface
......
The port should be re-enabled 30 seconds later.
[AC-GigabitEthernet0/0/1] display interface gigabitethernet 0/0/1
GigabitEthernet0/0/1 current state: UP
IP Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 000f-cb00-5558
Description: GigabitEthernet0/0/1 Interface
......
Now, if you manually delete several secure MAC addresses, the port security mode of the port will be
restored to autoLearn, and the port will be able to learn MAC addresses again.
Port Security Configuration for userLoginWithOUI Mode
Network requirements
The client is connected to the switch through port GigabitEthernet 0/0/1. The switch authenticates the
client by the RADIUS server. If the authentication succeeds, the client is authorized to access the
Internet.
Restrict port GigabitEthernet 0/0/1 of the switch as follows:
z
Allow only one 802.1x user to be authenticated.
z
Allow up to 16 OUI values to be configured and allow one additional user whose MAC address has
an OUI among the configured ones to access the port.
Network diagram
Figure 19-2
Network diagram for port security configuration for userLoginWithOUI mode
Internet
AC
Host
GE0/0/1
192.168.2.1/24
Authentication servers
(192.168.1.1/24
192.168.1.2/24)
Configuration procedure
z
The following configuration steps cover some AAA/RADIUS configuration commands.
z
Configurations on the host and RADIUS servers are omitted.