152
Port: 9437185
MAC Addr: 00:02:00:00:00:32
VLAN ID: 1
IfAdminStatus: 1
In addition, you will see that the port security feature has disabled the port if you issue the following
command:
[Switch-GigabitEthernet1/0/1] display interface gigabitethernet 1/0/1
GigabitEthernet1/0/1 current state: Port Security Disabled
IP Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 000f-cb00-5558
Description: GigabitEthernet1/0/1 Interface
......
The port should be re-enabled 30 seconds later.
[Switch-GigabitEthernet1/0/1] display interface gigabitethernet 1/0/1
GigabitEthernet1/0/1 current state: UP
IP Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 000f-cb00-5558
Description: GigabitEthernet1/0/1 Interface
......
If you manually delete several secure MAC addresses, the port security mode of the port will be restored
to autoLearn, and the port will be able to learn MAC addresses again.
Configuring the userLoginWithOUI mode
Network requirements
As shown in
, a client is connected to the switch through port GigabitEthernet 1/0/1. The switch
authenticates the client with a RADIUS server. If the authentication succeeds, the client is authorized to
access the Internet.
The RADIUS server at 192.168.1.2 functions as the primary authentication server and the secondary
accounting server, and the RADIUS server at 192.168.1.3 functions as the secondary authentication
server and the primary accounting server. The shared key for authentication is name, and that for
accounting is money.
All users use the default authentication, authorization, and accounting methods of ISP domain
sun
,
which can accommodate up to 30 users.
The RADIUS server response timeout time is five seconds and the maximum number of RADIUS
packet retransmission attempts is five. The switch sends real-time accounting packets to the RADIUS
server at an interval of 15 minutes, and sends usernames without domain names to the RADIUS
server.
Configure port GigabitEthernet 1/0/1
of the switch to:
Allow only one 802.1X user to be authenticated.
Allow up to 16 OUI values to be configured and allow one terminal that uses any of the OUI values
to access the port in addition to an 802.1X user.