H3C Technologies H3C S3100 Series Switches User Manual

Page 185


[Switch] radius scheme 2000

[Switch-radius-2000] primary authentication 10.11.1.1 1812

[Switch-radius-2000] primary accounting 10.11.1.1 1813

[Switch-radius-2000] key authentication abc

[Switch-radius-2000] key accounting abc

[Switch-radius-2000] user-name-format without-domain

[Switch-radius-2000] quit

# Configure the ISP domain and apply the scheme 2000 to the domain.

[Switch] domain system

[Switch-isp-system] scheme radius-scheme 2000

[Switch-isp-system] quit

# Set the username type for MAC address authentication to MAC address, with lowercase MAC addresses without hyphens used as the username and password.

[Switch] mac-authentication authmode usernameasmacaddress usernameformat without-hyphen lowercase

# Configure the ISP domain for MAC address authentication.

[Switch] mac-authentication domain system

# Enable port security.

[Switch] port-security enable

# Configure the switch to trigger MAC address authentication at an interval of 60 seconds.

[Switch] port-security timer guest-vlan-reauth 60

# Create VLAN 10 and assign the port Ethernet 1/0/1 to it.

[Switch] vlan 10

[Switch-vlan10] port Ethernet 1/0/1

# Set the security mode of the port Ethernet 1/0/2 to macAddressOrUserLoginSecure.

[Switch] interface Ethernet1/0/2

[Switch-Ethernet1/0/2] port-security port-mode userlogin-secure-or-mac

# Specify VLAN 10 as the guest VLAN of the port.

[Switch-Ethernet1/0/2] port-security guest-vlan 10

You can display the guest VLAN configuration information by using the display current-configuration or display interface ethernet 1/0/2 command.

If a user fails the authentication, you can use the display vlan 10 command to check whether the guest VLAN specified for the port has taken effect.
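
The procedure above depends on several names matching each other: the RADIUS scheme used by the ISP domain, the ISP domain used by MAC address authentication, and the guest VLAN assigned to the port. The following Python check is an added example, not part of the H3C manual; the check function, the constructed session text and the 16-character minimum key length are assumptions made for illustration.

```python
import re

# Constructed input: commands from this page as typed at the CLI (prompts included).
SESSION = """\
[Switch] radius scheme 2000
[Switch-radius-2000] primary authentication 10.11.1.1 1812
[Switch-radius-2000] key authentication abc
[Switch-radius-2000] quit
[Switch] domain system
[Switch-isp-system] scheme radius-scheme 2000
[Switch-isp-system] quit
[Switch] mac-authentication domain system
[Switch] port-security enable
[Switch] vlan 10
[Switch-vlan10] port Ethernet 1/0/1
[Switch] interface Ethernet1/0/2
[Switch-Ethernet1/0/2] port-security port-mode userlogin-secure-or-mac
[Switch-Ethernet1/0/2] port-security guest-vlan 10
"""

def check(session, min_key_len=16):
    """Return findings for one typed session; min_key_len is an assumed policy value."""
    # Strip the "[view]" prompt so only the command text remains.
    cmds = [re.sub(r"^\[[^\]]*\]\s*", "", l).strip() for l in session.splitlines()]

    def grab(pattern):
        # Collect the single argument of every command matching the pattern.
        return {m.group(1) for c in cmds if (m := re.fullmatch(pattern, c))}

    schemes = grab(r"radius scheme (\S+)")
    domains = grab(r"domain (\S+)")
    vlans = grab(r"vlan (\d+)")
    findings = []
    for s in sorted(grab(r"scheme radius-scheme (\S+)") - schemes):
        findings.append(f"domain uses undefined RADIUS scheme {s}")
    for d in sorted(grab(r"mac-authentication domain (\S+)") - domains):
        findings.append(f"MAC authentication uses undefined ISP domain {d}")
    for v in sorted(grab(r"port-security guest-vlan (\d+)") - vlans):
        findings.append(f"guest VLAN {v} is never created")
    if "port-security enable" not in cmds:
        findings.append("port security is not enabled globally")
    for k in sorted(grab(r"key (?:authentication|accounting) (\S+)")):
        if len(k) < min_key_len:  # report the length only, never the key itself
            findings.append(f"RADIUS shared key is only {len(k)} characters")
    return findings

if __name__ == "__main__":
    print("\n".join(check(SESSION)) or "no findings")
```
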
