Configuration of EAD and local centralized MAC address authentication on H3C S3600 series switch(2)
1 Network requirements:
1.1 The IP address of the PC is 1.1.1.1/8 and the IP address of vlan1 on the switch is 1.1.1.2/8.
1.2 The PC is connected to port G1/0/1 of the switch.
1.3 Perform MAC authentication first. If that authentication fails, perform dot1x authentication.
2 Network diagram:
None
3 Configuration procedure:
3.1 Enable MAC address authentication globally
[Switch] mac-authentication
3.2 Set the centralized MAC address authentication mode to MAC address mode, using hyphenated MAC addresses as the usernames.
[Switch] mac-authentication authmode usernameasmacaddress usernameformat with-hyphen
3.3 Use the system default domain as the MAC authentication domain.
[Switch] mac-authentication domain system
3.4 Enter port Ethernet1/0/1 view
[Switch] interface Ethernet1/0/1
3.5 Enable MAC authentication on the port
[Switch-Ethernet1/0/1] mac-authentication
3.6 Quit to system view
[Switch-Ethernet1/0/1] quit
3.7 Add a MAC authentication user (the username and password are both the MAC address of the PC to be authenticated)
[Switch] local-user 00-15-c5-0d-1a-34
3.8 Set a password
[Switch-luser-00-15-c5-0d-1a-34] password simple 00-15-c5-0d-1a-34
3.9 Set the service type as lan-access
[Switch-luser-00-15-c5-0d-1a-34] service-type lan-access
3.10 Enable dot1x authentication globally
[Switch] dot1x
3.11 Set the switch as a RADIUS server
[Switch] local-server nas-ip 127.0.0.1 key huawei
3.12 Enter port Ethernet1/0/1 view
[Switch] interface Ethernet1/0/1
3.13 Enable dot1x authentication on the port
[Switch-Ethernet1/0/1] dot1x
3.14 Quit to system view
[Switch-Ethernet1/0/1] quit
3.15 Add a local user
[Switch] local-user huawei
3.16 Set service type as lan-access
[Switch-luser-huawei] service-type lan-access
3.17 Set a password
[Switch-luser-huawei] password simple huawei
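Steps 3.7 to 3.9 have to be repeated for every PC, and the username must match the hyphenated form selected in step 3.2. The following Python helper is an added example, not part of the original case or of H3C's tooling: it normalizes MAC addresses written in other notations and prints the corresponding commands. The function names and the sample inventory are assumptions made for illustration, and lowercase output is chosen to match the usernames shown on this page.

```python
import re

# Common separators seen in MAC notations: ":", "-" and ".".
_SEPARATORS = re.compile(r"[:.\-]")
_HEX12 = re.compile(r"[0-9a-f]{12}")


def normalize_mac(raw):
    """Return the MAC as lowercase xx-xx-xx-xx-xx-xx, the form used by
    'usernameformat with-hyphen' in step 3.2. Raises ValueError on bad input."""
    digits = _SEPARATORS.sub("", raw.strip().lower())
    if not _HEX12.fullmatch(digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    # A host NIC never sends from a group (multicast/broadcast) address:
    # the least significant bit of the first octet must be 0.
    if int(digits[:2], 16) & 0x01:
        raise ValueError(f"group address cannot identify a host: {raw!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def local_user_commands(macs):
    """Build the step 3.7-3.9 command lines for each distinct MAC address."""
    lines = []
    seen = set()
    for raw in macs:
        user = normalize_mac(raw)
        if user in seen:  # same NIC listed twice in different notations
            continue
        seen.add(user)
        lines += [
            f"local-user {user}",
            f"password simple {user}",
            "service-type lan-access",
            "quit",
        ]
    return lines


if __name__ == "__main__":
    # Constructed inventory: the PC from this page in three notations,
    # which collapse to a single local-user entry.
    inventory = ["00:15:C5:0D:1A:34", "0015.c50d.1a34", "0015-c50d-1a34"]
    print("\n".join(local_user_commands(inventory)))
```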
4 Configuration tips:
1. The related user's configuration cannot be changed or deleted while MAC authentication is running.
2. MAC authentication and dot1x authentication must both use the system default domain as their authentication domain, and authentication takes a long time.
3. This case is also applicable to H3C S5600 series switch.