3com 5500 User Manual

HAPTER

9: P

ORT

ECURITY

ONFIGURATION

UIDE

On port Ethernet 1/0/1 of the switch, perform configurations to meet the
following requirements:

■

Allow one 802.1x user to get online.

■

Set two OUI values, and allow only one user whose MAC address matches one
of the two OUI values to get online.

■

Configure port security trapping to monitor the operations of the
802.1x-authenticated user.

Applicable Products

Configuration Procedure

■

The following configurations involve some AAA/RADIUS configuration
commands. For details about the commands, refer to “AAA Configuration” in
the Configuration Guide for your product.

■

Configurations on the user host and the RADIUS server are omitted.

■

Configure RADIUS parameters

# Create a RADIUS scheme named radius1.

<3Com> system-view

[3Com] radius scheme radius1

# Specify the primary RADIUS authentication server and primary RADIUS
accounting server.

[3Com-radius-radius1] primary authentication 192.168.1.3

[3Com-radius-radius1] primary accounting 192.168.1.2

# Specify the secondary RADIUS authentication server and secondary RADIUS
accounting server.

[3Com-radius-radius1] secondary authentication 192.168.1.2

[3Com-radius-radius1] secondary accounting 192.168.1.3

# Set the shared key for message exchange between the switch and the RADIUS
authentication servers to name.

[3Com-radius-radius1] key authentication name

# Set the shared key for message exchange between the switch and the
accounting RADIUS servers to money.

[3Com-radius-radius1] key accounting money

# Set the interval and the number of packet transmission attempts for the switch
to send packets to the RADIUS server.

Product series

Software version

Hardware version

Switch 5500

Release V03.02.04

All versions

Switch 5500G

Release V03.02.04

All versions

Switch 4500

Release V03.03.00

All versions