3com S7906E Installation Manual

Configuring the macAddressElseUserLoginSecure Mode 
Network requirements 
As shown in 
the client is connected to the switch through GigabitEthernet 2/0/1. The switch 
authenticates the client by the RADIUS server. If the authentication succeeds, the client is authorized to 
access the Internet. 
Restrict port GigabitEthernet 2/0/1 of the switch as follows: 
- Allow more than one MAC authenticated user to log on. 
- For 802.1X users, perform MAC authentication first and then, if MAC authentication fails, 802.1X authentication. Allow only one 802.1X user to log on. 
- Set fixed username and password for MAC-based authentication. Set the total number of MAC authenticated users and 802.1X-authenticated users to 64. 
- Enable NTK to prevent frames from being sent to unknown MAC addresses. 
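
The admission rules listed above, modelled as an added Python example (not code from the manual or from the switch software). The class, the callables standing in for RADIUS results, the point at which the 64-entry limit is checked and the sample MAC addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

@dataclass
class SecurePort:
    """Simplified model of one port in macAddressElseUserLoginSecure mode."""
    mac_auth: Callable[[str], bool]    # stand-in for the RADIUS MAC authentication result
    dot1x_auth: Callable[[str], bool]  # stand-in for the RADIUS 802.1X result
    max_mac_count: int = 64            # total of MAC- and 802.1X-authenticated users
    secure: Dict[str, str] = field(default_factory=dict)  # MAC -> "mac" or "dot1x"

    def admit(self, mac: str) -> str:
        """Decide how a frame from source `mac` is treated on the port."""
        if mac in self.secure:                 # already authenticated
            return self.secure[mac]
        if len(self.secure) >= self.max_mac_count:
            return "reject:limit"
        if self.mac_auth(mac):                 # MAC authentication always runs first
            self.secure[mac] = "mac"
            return "mac"
        if "dot1x" in self.secure.values():    # only one 802.1X user may be online
            return "reject:dot1x-slot-taken"
        if self.dot1x_auth(mac):               # fallback after MAC authentication fails
            self.secure[mac] = "dot1x"
            return "dot1x"
        return "reject:auth-failed"

    def ntk_forward(self, dst_mac: str) -> bool:
        """NTK: send a frame out of the port only to an authenticated MAC."""
        return dst_mac in self.secure

# Constructed sample data (not from the manual).
MAC_AUTH_OK = {"00-e0-fc-00-00-01", "00-e0-fc-00-00-02"}
DOT1X_OK = {"00-e0-fc-00-00-10", "00-e0-fc-00-00-11"}
ARRIVALS = ["00-e0-fc-00-00-01", "00-e0-fc-00-00-99", "00-e0-fc-00-00-10",
            "00-e0-fc-00-00-02", "00-e0-fc-00-00-11"]

def demo() -> Tuple[SecurePort, List[str]]:
    port = SecurePort(lambda m: m in MAC_AUTH_OK, lambda m: m in DOT1X_OK)
    return port, [port.admit(m) for m in ARRIVALS]

if __name__ == "__main__":
    port, results = demo()
    for mac, outcome in zip(ARRIVALS, results):
        print(mac, "->", outcome)
    print("NTK to 00-e0-fc-00-00-99:", port.ntk_forward("00-e0-fc-00-00-99"))
```
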
Configuration procedure 
 
 
Configurations on the host and RADIUS servers are omitted. 
 
1)  Configure the RADIUS protocol 
The required RADIUS authentication/accounting configurations and ISP domain configurations are the 
same as those in 
2)  Configure port security 
# Enable port security. 
<Switch> system-view 
[Switch] port-security enable 
# Configure a MAC authentication user, setting the user name and password to aaa and 123456 
respectively.  
[Switch] mac-authentication user-name-format fixed account aaa password simple 123456 
# Specify ISP domain sun for MAC authentication. 
[Switch] mac-authentication domain sun 
# Set the 802.1X authentication method to CHAP. (This configuration is optional. By default, the 
authentication method is CHAP for 802.1X.)  
[Switch] dot1x authentication-method chap 
# Enter the view of port GigabitEthernet 2/0/1. 
[Switch] interface gigabitethernet 2/0/1 
# Set the maximum number of secure MAC addresses allowed on the port to 64. 
[Switch-GigabitEthernet2/0/1] port-security max-mac-count 64 
# Set the port security mode to macAddressElseUserLoginSecure.  
[Switch-GigabitEthernet2/0/1] port-security port-mode mac-else-userlogin-secure 
# Set the NTK mode of the port to ntkonly.