3com 5500 User Manual
Chapter 9: Port Security Configuration Guide
# Specify the secondary RADIUS authentication server and secondary RADIUS
accounting server.
[3Com-radius-radius1] secondary authentication 192.168.1.2
[3Com-radius-radius1] secondary accounting 192.168.1.3
# Set the shared key for message exchange between the switch and the RADIUS
authentication servers to name.
[3Com-radius-radius1] key authentication name
# Set the shared key for message exchange between the switch and the
accounting RADIUS servers to money.
[3Com-radius-radius1] key accounting money
# Configure the switch to send a username without the domain name to the
RADIUS server.
[3Com-radius-radius1] user-name-format without-domain
[3Com-radius-radius1] quit
# Create a domain named aabbcc.net and enter its view.
[3Com] domain aabbcc.net
# Specify the RADIUS scheme for the domain.
[3Com-isp-aabbcc.net] scheme radius-scheme radius1
[3Com-isp-aabbcc.net] quit
# Set aabbcc.net as the default user domain.
[3Com] domain default enable aabbcc.net
# Configure the switch to use MAC addresses as usernames for authentication,
specifying that the MAC addresses should be lowercase without separators.
[3Com] mac-authentication authmode usernameasmacaddress usernameformat without-hyphen
# Specify the ISP domain for MAC authentication.
[3Com] mac-authentication domain aabbcc.net
# Enable port security.
[3Com] port-security enable
# Set the port security mode to mac-authentication.
[3Com] interface Ethernet 1/0/1
[3Com-Ethernet1/0/1] port-security port-mode mac-authentication
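With usernameformat without-hyphen and user-name-format without-domain, the RADIUS server sees each device as 12 lowercase hexadecimal digits with no domain suffix, so account names on the server must match that form exactly. The following Python helper is an added example, not part of the manual: it normalizes an address inventory into that form and rejects malformed, group, and duplicate entries. The names switch_username and build_accounts and the sample inventory are hypothetical.

```python
import re

# Notations an inventory might use for the same address.
_FORMS = [
    re.compile(r"[0-9a-f]{2}(?:-[0-9a-f]{2}){5}"),    # 00-0d-88-f6-44-c1
    re.compile(r"[0-9a-f]{2}(?::[0-9a-f]{2}){5}"),    # 00:0d:88:f6:44:c1
    re.compile(r"[0-9a-f]{4}(?:[.-][0-9a-f]{4}){2}"), # 000d.88f6.44c1
    re.compile(r"[0-9a-f]{12}"),                      # 000d88f644c1
]

def switch_username(mac):
    """Return the 12 lowercase hex digits used as the username."""
    text = mac.strip().lower()
    if not any(form.fullmatch(text) for form in _FORMS):
        raise ValueError(f"not a MAC address: {mac!r}")
    digits = re.sub(r"[-:.]", "", text)
    if int(digits[:2], 16) & 0x01:
        # Group (multicast/broadcast) addresses are never a frame's source.
        raise ValueError(f"group address, not a host MAC: {mac!r}")
    return digits

def build_accounts(inventory):
    """Turn (label, mac) rows into {username: label} plus a reject list."""
    accounts, rejected = {}, []
    for label, mac in inventory:
        try:
            user = switch_username(mac)
        except ValueError as exc:
            rejected.append((label, str(exc)))
            continue
        if user in accounts:
            rejected.append((label, f"duplicate of {accounts[user]}"))
        else:
            accounts[user] = label
    return accounts, rejected

# Constructed sample inventory (not from the manual).
SAMPLE = [
    ("printer-1", "00-0D-88-F6-44-C1"),
    ("camera-2", "00:0d:88:f6:44:c2"),
    ("phone-3", "000D.88F6.44C3"),
    ("printer-1-dup", "000d88f644c1"),
    ("typo", "00-0D-88-F6-44"),
    ("bcast", "FF-FF-FF-FF-FF-FF"),
]

if __name__ == "__main__":
    accounts, rejected = build_accounts(SAMPLE)
    for user, label in accounts.items():
        print(user, label)
    for label, why in rejected:
        print("rejected", label, why)
```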
# Configure the port to drop packets whose source addresses are the same as that
of the packet failing MAC authentication after intrusion protection is triggered.