Manuals / Brands / Computer Equipment / Switch / 3Com / Computer Equipment / Switch

3Com 4200G, 4210, 5500, 5500G Configuring Port Security userlogin-withoui

1 336

Download 336 pages, 4.69 Mb

Configuring Port Security userlogin-withoui Mode 51

[3Com-Ethernet1/0/1] port-security intrusion-mode blockmac

Complete Configuration #

domain default enable aabbcc.net

#

port-security enable

#

MAC-authentication domain aabbcc.net

#

radius scheme radius1

server-type standard

primary authentication 192.168.1.3

primary accounting 192.168.1.2

secondary authentication 192.168.1.2

secondary accounting 192.168.1.3

key authentication name

key accounting money

user-name-format without-domain

#

domain aabbcc.net

scheme radius-scheme radius1

#

interface Ethernet1/0/1

port-security port-mode mac-authentication

port-security intrusion-mode blockmac

Precautions ■Before enabling port security, be sure to disable 802.1x and MAC

authentication globally.

■On a port configured with port security, you cannot configure the maximum

number of MAC addresses that the port can learn, reflector port for port

mirroring, fabric port, or link aggregation.

Configuring Port Security userlogin-withoui

Mode

In the userlogin-withoui mode, a port authenticates users using MAC-based

802.1x and permits only packets from authenticated users. Besides, the port also

allows packets whose source MAC addresses have a specified organizationally

unique identifier (OUI) value to pass the port.

Network Diagram Figure14 Network diagram for configuring port security userlogin-withoui mode

Networking and

Configuration

Requirements

The host connects to the switch through the port Ethernet 1/0/1, and the switch

authenticates the host through the RADIUS server. If the authentication is

successful, the host is authorized to access the Internet.

Internet

Switch

Host

Eth1/0/1

Authentication servers

(192.168.1.3/24

192.168.1.2/24)

Contents

Main 3Com Corporation 350 Campus Drive Marlborough, MA USA 01752-3064 C 1 2 3 4 9 10 11 12 13 17 18 19 20 21 25 26 27 28 29 34 35 36 37 38 Page ABOUT THIS GUIDE n c Conventions Related Documentation Products Supported by this Document Page Page 1 n Logging In from the Console Port Page Complete Configuration Telnet login configuration with the authentication mode being none You can telnet to your switch to manage and maintain it remotely. Logging In Through Tel ne t Page Page Configuring Login Access Control # Reference ACL 2000 to control Telnet login by source IP address. # Reference ACL 2000 to control SNMP login by source IP address. # Reference ACL 2000 to control WEB login by source IP address. Complete Configuration Configuration for Telnet login control by source IP address Page 2 Configuring Port-Based VLAN # Create VLAN 101 on Switch B, and add Ethernet 1/0/11 to VLAN 101. # Create VLAN 201 on Switch B, and add Ethernet 1/0/12 to VLAN 201. Complete Configuration Configuration on Switch A Configuring Protocol-Based VLAN n Page Page 3 IP Address Page 4 Configuring Voice VLAN Page n Precautions 5 Configuring GVRP Page n Page Page Page 6 Configuring the Basic Functions of an Ethernet Port n 7 Configuring Link Aggregation n Page Page 8 Configuring Port Isolation Page 9 Configuring Port Security autolearn Configuring Port Security mac-authentication Page Page Configuring Port Security userlogin-withoui Page Page # Configure port security trapping. Configuring Port Security mac-else-userlogin-sec ure-ext Mode Page Page Page 10 Configuring a Port Binding Page 11 MAC Address Table Management Page 12 Configuring DLDP Page Page Page 13 Auto Detect Implementation in Static Routing Page n Auto Detect Implementation in VRRP Page n Auto Detect Implementation in VLAN Interface Backup Page Page Page Page 14 Configuring MSTP Page Page Configuring VLAN-VPN Tunneling Page Page Configuring RSTP n Page Page Page Configuring Digest Snooping and Rapid Tran sit ion Page Page Page Page 15 Configuring Static Routes Page Configuring RIP Configuration Procedure Configure Switch A. Page Configuring OSPF Page Page Page Configuring OSPF DR Election Page Page Page Configuring a (Totally) Stub Area Page n Page Configuration information when area 1 is a stub area: Refer to the configuration of Switch B when area 1 is a non-backbone area. Configuring a (Totally) NSSA Area Page Page Page n Page Configuring OSPF Route Summarization Page Page n Page ASBR route summarization configuration 1 n Page ASBR route summarization configuration 2 n translated from Type-7 LSAs. Page Configuring OSPF Virtual Link Configuration Procedure 1Configure OSPF basic functions. # Configure Switch A. # Configure Switch B. 2Configure a virtual link. # Configure Switch A. # Configure Switch B. Precautions Both ends of a virtual link must be ABRs configured with the vlink-peer command. Configuring Routing Policies Page Page Page Page Page Page 16 Configuring IGMP Snooping Page Page Configuring IGMP Snooping Only c Page Page Configuring Multicast VLAN Page Page Page Configuring PIM-SM plus IGMP plus IGMP Snooping Page Page n # View the BSR information on Switch E. # View the RP information on Switch E. # View the PIM routing table on Switch A. # View the PIM routing table on Switch E. # View multicast group entries created by IGMP Snooping on Switch F. Page Page Configuration on Switch E Configuration on Switch F Configuring PIM-DM plus IGMP Page Page Complete Configuration Configuration on Switch A Configuring Anycast RP Application Page Page Page # View the PIM routing information on Switch F again. Complete Configuration Configuration on Switch C Configuration on Switch F 17 n Configuring 802.1x Access Control Page Page Page 18 Configuring RADIUS Authentication for Telnet Users Page Configuring Dynamic VLAN Assignment with RADIUS Page Configuring Local Authentication for Telnet Users Configuring HWTACACS Authentication for Teln et Use rs Page Configuring EAD Page Page 19 Configuring MAC Page Page Page 20 Single VRRP Group n Page Multiple VRRP Groups Page VRRP Interface Trac kin g Page Page VRRP Port Tracking Page Page Page 21 DHCP Server Global Address Pool Page Page DHCP Server Interface Address Pool DHCP Relay Agent Page DHCP Snooping Page DHCP Accounting Page DHCP Client Page 22 Configuring Basic ACLs Configuring Advanced ACLs Configuring Ethernet Frame Header ACLs Page Configuring User-Defined ACLs Page Page Page 23 Configuring Traffic Policing and LR n Page Configuring Priority Marking and Queue Scheduling n Page Page Configuring Traffic Redirection and Traffic Accounting Page Configuring QoS Profile Page Page 24 Configuring Web Cache Redirection Page Page Page 25 Local Port Mirroring Page Remote Port Mirroring Page Page # Configure the destination port and remote-probe VLAN for the remote destination mirroring group. # Configure Ethernet 1/0/1 as a Trunk port, allowing packets of VLAN 10 to pass. Complete Configuration 1Configuration on the source switch (Switch A) 2Configuration on the intermediate switch (Switch B) Page Traffic Mirroring Page Page 26 XRN Fabric Page Page Page Page n Page Page 27 Cluster Configuration n Page Page Network Management Interface Page Page n Cluster Configuration in Real Networking Cluster Page n Page Complete Configuration 1Configuration on Switch A 28 PoE Configuration Network Page PoE Profile Page # Create Profile2 and enter PoE profile view. # Apply the configured Profile1 to Ethernet 1/0/1 through Ethernet 1/0/5. # Apply the configured Profile2 to Ethernet 1/0/6 through Ethernet 1/0/10. Page 29 UDP Helper Page 30 SNMP Configuration Page RMON Configuration Page 31 NTP Client/Server Mode Configuration NTP Symmetric Peers Mode Configuration NTP Broadcast Mode Page NTP Multicast Mode NTP Client/Server Mode with Authentication Page Page 32 Configuring the Switch to Act as the SSH Server and Use Password Page Page Page Configuring the Switch to Act as the SSH Server and Use RSA Authentication n Page Page Page Page Page Configuring the Switch to Act as the SSH Client and Use Password # Specify the authentication method of user client001 as password. Configuring the Switch to Act as the SSH Client and Use RSA Authentication n # Display the host public key. n Configuring the Switch to Act as the SSH Client and Not to Support First-Time n # Display the server host public key. # Generate an RSA key pair. # Display the client host public key. 298 CHAPTER 32: SSH CONFIGURATION GUIDE n [3Com] undo ssh client first-time n # Specify the server public key on the client. [3Com] ssh client 10.165.87.136 assign rsa-key Switch002 Page Configuring SFTP Page # Add a directory named new1, and then check that the new directory has been successfully created. # Rename the directory to new2, and then verify the operation. # Download the file pubkey2 from the server, renaming it to public. # Upload file pu to the server and rename it to puk, and then verify the operation. # Exit SFTP. Page Page 33 Configuring a Switch as FTP Server SFTP serv er SFTP cli ent Switch B Switch A Vlan-int1 192.168.0 .1/24 Vlan-int1 192.168.0.2/ 24 n Configuring a Switch as FTP Client n Configuring a Switch as TFTP Client Page 34 Outputting Log Information to a Unix Log Host Page Outputting Log Information to a Linux Log Host Outputting Log and Trap Information to a Log Host Through the Same Channel Page Page Outputting Log Information to the Console Displaying the Time Stamp with the UTC Time Zone Use of the Facility Argument in Log Information Output Page 35 Configuring VLAN-VPN n Page Configuring BPDU Tunnel Network Page Complete Configuration Configure Provider 1 36 Page 37 Static Domain Name Resolution Dynamic Domain Name Resolution Page Page 38 Configuring Access Management Internet Page Configuring Access Management with Port Isolation