H3C Technologies H3C S7500E Series Switches User Manual
Page 188
9-20
Configurations on the host and RADIUS servers are omitted.
1) Configure the RADIUS protocol
The required RADIUS authentication/accounting configurations and ISP domain configurations are the
same as those in
Configuring the userLoginWithOUI Mode
.
2) Configure port security
# Enable port security.
<Switch> system-view
[Switch] port-security enable
# Configure a MAC authentication user, setting the username and password to aaa and 123456
respectively.
[Switch] mac-authentication user-name-format fixed account aaa password simple 123456
# Specify ISP domain sun for MAC authentication.
[Switch] mac-authentication domain sun
# Set the 802.1X authentication method to CHAP. (This configuration is optional. By default, the
authentication method is CHAP for 802.1X.)
[Switch] dot1x authentication-method chap
# Set the maximum number of secure MAC addresses allowed on the port to 64.
[Switch] interface gigabitethernet 2/0/1
[Switch-GigabitEthernet2/0/1] port-security max-mac-count 64
# Set the port security mode to macAddressElseUserLoginSecure.
[Switch-GigabitEthernet2/0/1] port-security port-mode mac-else-userlogin-secure
# Set the NTK mode of the port to ntkonly.
[Switch-GigabitEthernet2/0/1] port-security ntk-mode ntkonly
3) Verify the configuration
After completing the configurations, you can use the following command to view the port security
configuration information:
<Switch> display port-security interface gigabitethernet 2/0/1
Equipment port-security is enabled
Trap is disabled
Disableport Timeout: 20s
OUI value:
GigabitEthernet2/0/1 is link-up
Port mode is macAddressElseUserLoginSecure
NeedToKnow mode is NeedToKnowOnly
Intrusion Protection mode is NoAction
Max MAC address number is 64
Stored MAC address number is 0
Authorization is permitted
Use the following command to view MAC authentication information: