3com 5500 User Manual
54
C
HAPTER
9: P
ORT
S
ECURITY
C
ONFIGURATION
G
UIDE
[3Com] interface Ethernet 1/0/1
[3Com-Ethernet1/0/1] port-security port-mode userlogin-withoui
[3Com-Ethernet1/0/1] quit
# Configure port security trapping.
[3Com] port-security trap dot1xlogfailure
[3Com] port-security trap dot1xlogon
[3Com] port-security trap dot1xlogoff
Complete Configuration
#
domain default enable aabbcc.net
#
port-security enable
port-security trap dot1xlogon
port-security trap dot1xlogoff
port-security trap dot1xlogfailure
port-security oui 1234-0100-0000 index 1
port-security oui 1234-0200-0000 index 2
#
radius scheme radius1
server-type standard
primary authentication 192.168.1.3
primary accounting 192.168.1.2
secondary authentication 192.168.1.2
secondary accounting 192.168.1.3
key authentication name
key accounting money
timer realtime-accounting 15
timer response-timeout 5
retry 5
user-name-format without-domain
#
domain aabbcc.net
scheme radius-scheme radius1 local
access-limit enable 30
idle-cut enable 20 2000
#
local-user localuser
password simple localpass
service-type lan-access
#
interface Ethernet1/0/1
port-security port-mode userlogin-withoui
#
Precautions
■
Before enabling port security, be sure to disable 802.1x and MAC
authentication globally.
authentication globally.
■
On a port configured with port security, you cannot configure the maximum
number of MAC addresses that the port can learn, reflector port for port
mirroring, fabric port, or link aggregation.
number of MAC addresses that the port can learn, reflector port for port
mirroring, fabric port, or link aggregation.