3com 5500 用户手册
Configuring Port Security mac-else-userlogin-secure-ext Mode
55
Configuring Port
Security
mac-else-userlogin-sec
ure-ext Mode
Security
mac-else-userlogin-sec
ure-ext Mode
In mac-else-userlogin-secure-ext mode, a port first performs MAC
authentication of a user. If the authentication is successful, the user can access the
port; otherwise, the port performs 802.1x authentication of the user. In this mode,
there can be more than one authenticated user on a port.
authentication of a user. If the authentication is successful, the user can access the
port; otherwise, the port performs 802.1x authentication of the user. In this mode,
there can be more than one authenticated user on a port.
Network Diagram
Figure 15 Network diagram for configuring port security mac-else-userlogin-secure-ext
mode
mode
Networking and
Configuration
Requirements
The host connects to the switch through the port Ethernet 1/0/1, and the switch
authenticates the host through the RADIUS server. After successful authentication,
the host is authorized to access the Internet.
authenticates the host through the RADIUS server. After successful authentication,
the host is authorized to access the Internet.
On port Ethernet 1/0/1 of the switch, perform configurations to meet the
following requirements:
following requirements:
■
Perform MAC authentication of users and then 802.1x authentication if MAC
authentication fails.
authentication fails.
■
Allow up to 64 802.1x authenticated users to get online. The total number of
802.1x authenticated users and MAC address authenticated users cannot
exceed 200.
802.1x authenticated users and MAC address authenticated users cannot
exceed 200.
■
All users belong to the domain aabbcc.net, and each user uses the MAC
address of the host as the username and password for authentication.
address of the host as the username and password for authentication.
■
Enable NeedToKnow feature to prevent packets from being sent to unknown
destination MAC addresses.
destination MAC addresses.
Applicable Products
Configuration Procedure
n
■
The following configurations involve some AAA/RADIUS configuration
commands. For details about the commands, refer to “AAA Configuration” in
the Configuration Guide for your product.
commands. For details about the commands, refer to “AAA Configuration” in
the Configuration Guide for your product.
■
Configurations on the user host and the RADIUS server are omitted.
■
Configure RADIUS parameters
Internet
Switch
Host
Eth1/0/1
Authentication servers
(192 .168.1.3/24
192 .168.1.2 /24 )
192 .168.1.2 /24 )
Product series
Software version Hardware version
Switch 5500
Release V03.02.04
All versions
Switch 5500G
Release V03.02.04
All versions
Switch 4500
Release V03.03.00
All versions