3com 4200G ユーザーズマニュアル
![3com](https://files.manualsbrain.com/attachments/960452ff43b9899cbcffced60c87abf956e7967a/common/fit/150/50/f6ac125d7af2cf40fec58935fa6d4bf71457a57efe50bee91208a434f325/brand_logo.jpeg)
Configuring Port Security mac-authentication Mode
49
Network Diagram
Figure 13 Network diagram for configuring port security mac-authentication mode
Networking and
Configuration
Requirements
The host connects to the switch through the port Ethernet 1/0/1, and the switch
authenticates the host through the RADIUS server. If the authentication is
successful, the host is authorized to access the Internet.
authenticates the host through the RADIUS server. If the authentication is
successful, the host is authorized to access the Internet.
On port Ethernet 1/0/1 of the switch, perform configurations to meet the
following requirements:
following requirements:
■
The switch performs MAC authentication of users.
■
All users belong to the domain aabbcc.net, and each of them uses the MAC
address as username and password for authentication.
address as username and password for authentication.
■
Whenever a packet fails MAC authentication, intrusion protection is triggered
to filter packets whose source MAC addresses are the same as that of the
packet failing the authentication, ensuring the security of the port.
to filter packets whose source MAC addresses are the same as that of the
packet failing the authentication, ensuring the security of the port.
Applicable Products
Configuration Procedure
n
■
The following configurations involve some AAA/RADIUS configuration
commands. For details about the commands, refer to “AAA Configuration” in
the Configuration Guide for your product.
commands. For details about the commands, refer to “AAA Configuration” in
the Configuration Guide for your product.
■
Configurations on the user host and the RADIUS server are omitted.
■
Configure RADIUS parameters
# Create a RADIUS scheme named radius1.
<3Com> system-view
[3Com] radius scheme radius1
# Specify the primary RADIUS authentication server and primary RADIUS
accounting server.
accounting server.
[3Com-radius-radius1] primary authentication 192.168.1.3
[3Com-radius-radius1] primary accounting 192.168.1.2
Internet
Switch
Host
Eth1/0/1
Authentication servers
(192 .168.1.3/24
192 .168.1.2 /24 )
192 .168.1.2 /24 )
Product series
Software version Hardware version
Switch 5500
Release V03.02.04
All versions
Switch 5500G
Release V03.02.04
All versions
Switch 4500
Release V03.03.00
All versions