3com 4210 User Manual

[3Com-Ethernet1/0/1] port-security intrusion-mode blockmac 

#

domain default enable aabbcc.net

#

port-security enable

#

MAC-authentication domain aabbcc.net

#

radius scheme radius1

server-type standard

primary authentication 192.168.1.3

primary accounting 192.168.1.2

secondary authentication 192.168.1.2

secondary accounting 192.168.1.3

key authentication name

key accounting money

user-name-format without-domain

#

domain aabbcc.net

scheme radius-scheme radius1

#

interface Ethernet1/0/1

port-security port-mode mac-authentication

port-security intrusion-mode blockmac 

■

Before enabling port security, be sure to disable 802.1x and MAC 
authentication globally.

■

On a port configured with port security, you cannot configure the maximum 
number of MAC addresses that the port can learn, reflector port for port 
mirroring, fabric port, or link aggregation.

In the userlogin-withoui mode, a port authenticates users using MAC-based 
802.1x and permits only packets from authenticated users. Besides, the port also 
allows packets whose source MAC addresses have a specified organizationally 
unique identifier (OUI) value to pass the port.

Figure 14   Network diagram for configuring port security userlogin-withoui mode

 

The host connects to the switch through the port Ethernet 1/0/1, and the switch 
authenticates the host through the RADIUS server. If the authentication is 
successful, the host is authorized to access the Internet.

Internet

Switch

Host 

Eth1/0/1

Authentication servers

(192 .168.1.3/24
192 .168.1.2 /24 )