Configuring Port Security userlogin-withoui Mode 51

 

[3Com-Ethernet1/0/1] port-security intrusion-mode blockmac

Complete Configuration

#

 

domain default enable aabbcc.net

 

#

 

port-security enable

 

#

 

MAC-authentication domain aabbcc.net

 

#

 

radius scheme radius1

 

server-type standard

 

primary authentication 192.168.1.3

 

primary accounting 192.168.1.2

 

secondary authentication 192.168.1.2

 

secondary accounting 192.168.1.3

 

key authentication name

 

key accounting money

 

user-name-format without-domain

 

#

 

domain aabbcc.net

 

scheme radius-scheme radius1

 

#

 

interface Ethernet1/0/1

 

port-security port-mode mac-authentication

 

port-security intrusion-mode blockmac

Precautions

Before enabling port security, be sure to disable 802.1x and MAC

 

authentication globally.

 

On a port configured with port security, you cannot configure the maximum

 

number of MAC addresses that the port can learn, reflector port for port

 

mirroring, fabric port, or link aggregation.

 

 

Configuring Port

In the userlogin-withouimode, a port authenticates users using MAC-based

Security

802.1x and permits only packets from authenticated users. Besides, the port also

userlogin-withoui

allows packets whose source MAC addresses have a specified organizationally

Mode

unique identifier (OUI) value to pass the port.

Network Diagram

Figure 14 Network diagram for configuring port security userlogin-withoui mode

Eth1/0/1

Authentication servers

(192.168.1.3/24

192.168.1.2/24)

Internet

HostSwitch

Networking and The host connects to the switch through the port Ethernet 1/0/1, and the switch Configuration authenticates the host through the RADIUS server. If the authentication is Requirements successful, the host is authorized to access the Internet.

Page 51
Image 51
3Com 4200G, 5500G, 4210 manual Security, Userlogin-withoui, Mirroring, fabric port, or link aggregation