3Com 5500 Switch User Manual


 
Configuring Port Security mac-authentication Mode
Network Diagram
Figure 13 Network diagram for configuring port security mac-authentication mode
Networking and Configuration Requirements
The host connects to the switch through the port Ethernet 1/0/1, and the switch
authenticates the host through the RADIUS server. If the authentication is
successful, the host is authorized to access the Internet.
On port Ethernet 1/0/1 of the switch, perform configurations to meet the
following requirements:
- The switch performs MAC authentication of users.
- All users belong to the domain aabbcc.net, and each of them uses the MAC
  address as username and password for authentication.
- Whenever a packet fails MAC authentication, intrusion protection is triggered
  to filter packets whose source MAC addresses are the same as that of the
  packet failing the authentication, ensuring the security of the port.
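As an added illustration that is not part of the 3Com manual, the following Python builds the RFC 2865 Access-Request implied by the requirement above, with the MAC address as both User-Name and User-Password, and decodes it as the RADIUS server would before comparing against its user database. The MAC string format (hyphenated or not), whether the domain is appended to the username, the shared secret and the sample MAC are assumptions; a real switch also sends NAS attributes that are omitted here.

```python
import hashlib
import os
import struct

USER_NAME, USER_PASSWORD = 1, 2  # RFC 2865 attribute types

def mac_identity(mac, hyphenated=False):
    """Normalise a MAC into the string sent as username and password."""
    digits = mac.lower().translate(str.maketrans("", "", "-:."))
    if len(digits) != 12 or set(digits) - set("0123456789abcdef"):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2)) if hyphenated else digits

def xor_chain(data, secret, authenticator, decrypt=False):
    """RFC 2865 5.2 User-Password hiding: XOR with MD5(secret + previous block)."""
    out, prev = b"", authenticator
    for i in range(0, len(data), 16):
        block = data[i:i + 16]
        result = bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))
        prev = block if decrypt else result  # always chain on the ciphertext block
        out += result
    return out

def build_access_request(mac, secret, domain=None, hyphenated=False, authenticator=None):
    """Switch side: Access-Request (code 1) with only the two credential attributes."""
    authenticator = authenticator or os.urandom(16)
    password = mac_identity(mac, hyphenated)
    username = f"{password}@{domain}" if domain else password
    padded = password.encode().ljust(-(-len(password) // 16) * 16, b"\x00")
    attrs = b""
    for a_type, value in ((USER_NAME, username.encode()),
                          (USER_PASSWORD, xor_chain(padded, secret, authenticator))):
        attrs += struct.pack("!BB", a_type, len(value) + 2) + value
    return struct.pack("!BBH", 1, 1, 20 + len(attrs)) + authenticator + attrs

def parse_credentials(packet, secret):
    """Server side: recover (username, password) to compare with the user database."""
    length = min(struct.unpack("!H", packet[2:4])[0], len(packet))
    authenticator, pos, found = packet[4:20], 20, {}
    while pos + 2 <= length:
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("malformed attribute")
        found[a_type] = packet[pos + 2:pos + a_len]
        pos += a_len
    clear = xor_chain(found[USER_PASSWORD], secret, authenticator, decrypt=True)
    return found[USER_NAME].decode(), clear.rstrip(b"\x00").decode(errors="replace")

if __name__ == "__main__":  # constructed MAC and shared secret
    print(parse_credentials(build_access_request("00:E0:FC:12:34:56", b"example-secret"), b"example-secret"))
```

The server's user entry has to match the string the switch sends exactly, so a mismatch in case, separators or domain suffix shows up as a failed authentication and, with intrusion protection enabled, as a filtered source MAC.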
Applicable Products
Configuration Procedure
Note:
- The following configurations involve some AAA/RADIUS configuration
  commands. For details about the commands, refer to “AAA Configuration” in
  the Configuration Guide for your product.
- Configurations on the user host and the RADIUS server are omitted.
Configure RADIUS parameters
# Create a RADIUS scheme named radius1.
<3Com> system-view
[3Com] radius scheme radius1
# Specify the primary RADIUS authentication server and primary RADIUS
accounting server.
[3Com-radius-radius1] primary authentication 192.168.1.3
[3Com-radius-radius1] primary accounting 192.168.1.2
[Figure 13 labels: Internet, Switch, Host, Eth1/0/1, Authentication servers (192.168.1.3/24, 192.168.1.2/24)]
Applicable products:
Product series    Software version    Hardware version
Switch 5500       Release V03.02.04   All versions
Switch 5500G      Release V03.02.04   All versions
Switch 4500       Release V03.03.00   All versions