Netgear M4300-52G (GSM4352S) - Stackable Managed Switch with 48x1G and 4x10G including 2x10GBASE-T and 2xSFP+ Layer 3 管理员指南
MAB
377
Managed Switches
Configure MAC Authentication Bypass on a Switch
This section provides an example of how to configure MAC Authentication Bypass (MAB) on
a switch.
a switch.
The example is shown as CLI commands and as a web interface procedure.
CLI: Configure the Switch to Perform MAB with a Microsoft Network
Policy Server
1.
Enable 802.1X authentication on the switch.
2.
Configure RADIUS to authenticate 802.1X users.
3.
Configure the switch to communicate with the Microsoft network policy server.
In this example, the Microsoft network policy server IP address is 10.1.10.46. The shared
key on the switch and the RADIUS server must match.
key on the switch and the RADIUS server must match.
4.
Configure force-authorization on the port that connects to the Microsoft network policy server
(port 1/0/1 in this example).
(port 1/0/1 in this example).
5.
Configure MAB on the port that connects to the IP phone (port 1/0/10 in this example).
(Netgear Switch) #config
(Netgear Switch) (Config)#dot1x system-auth-control
(Netgear Switch) (Config)#aaa authentication dot1x default radius
(Netgear Switch) (Config)#radius server host auth 10.1.10.46
(Netgear Switch) (Config)#radius server key auth 10.1.10.46
Enter secret (64 characters max):******
Re-enter secret:******
(Netgear Switch) (Config)#radius server primary 10.1.10.46
(Netgear Switch) (Config)#interface 1/0/1
(Netgear Switch) (Interface 1/0/1)#dot1x port-control force-authorized
(Netgear Switch) (Interface 1/0/1)#exit
(Netgear Switch) #config
(Netgear Switch) (Config)#interface 1/0/10
(Netgear Switch) (Interface 1/0/10)#dot1x port-control mac-based
(Netgear Switch) (Interface 1/0/10)#dot1x mac-auth-bypass
(Netgear Switch) (Interface 1/0/10)#exit
(Netgear Switch) (config)#exit