R211x-HP Flexfabric 11900 Security Configuration Guide

Max number of secure MAC addresses: Not configured
Current number of secure MAC addresses: 1
Authorization is permitted
After an 802.1X user goes online, the number of secure MAC addresses saved by the port is 1.
# Use the display dot1x command to display information about online 802.1X users. (Details not shown.)
# Use the display mac-address command to display the MAC address information on the port.
[Device] display mac-address interface ten-gigabitethernet 1/0/1
MAC Address      VLAN ID    State      Port                        Aging
1234-0300-0011   1          Learned    Ten-GigabitEthernet1/0/1    Y
macAddressElseUserLoginSecure configuration example
Network requirements
As shown in Figure 36, a client is connected to the device through Ten-GigabitEthernet 1/0/1. The
device uses a RADIUS server to authenticate the client. If the authentication succeeds, the client is
authorized to access the Internet.
Restrict port Ten-GigabitEthernet 1/0/1 of the device as follows:
• Allow more than one MAC authenticated user to log on.
• For 802.1X users, perform MAC authentication first and then, if MAC authentication fails, 802.1X
  authentication. Allow only one 802.1X user to log on.
• Use the MAC address of each user as the username and password for authentication, and require
  that the MAC addresses are hyphenated and in upper case.
• Set the total number of MAC authenticated users and 802.1X authenticated users to 64.
• Enable NTK (ntkonly mode) to prevent frames from being sent to unknown MAC addresses.
Figure 36 Network diagram
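The username requirement above, as an added example that is not part of the HP guide: the device displays a learned address as 1234-0300-0011, while the accounts created on the RADIUS server must carry the hyphenated, upper-case form, or MAC authentication fails and the port falls back to 802.1X. The sketch assumes the hyphenated format is the six-group XX-XX-XX-XX-XX-XX layout; the function names are hypothetical.

```python
import re

# Input layouts accepted (assumption: these are the forms an inventory may hold).
_HEX = "[0-9A-Fa-f]"
_FORMS = [
    re.compile(rf"{_HEX}{{12}}"),                               # 123403000011
    re.compile(rf"{_HEX}{{4}}([-.]){_HEX}{{4}}\1{_HEX}{{4}}"),   # 1234-0300-0011
    re.compile(rf"{_HEX}{{2}}([-:])(?:{_HEX}{{2}}\1){{4}}{_HEX}{{2}}"),  # 12:34:...
]


def radius_mac_username(mac: str) -> str:
    """Return the MAC as XX-XX-XX-XX-XX-XX (hyphenated, upper case)."""
    mac = mac.strip()
    if not any(form.fullmatch(mac) for form in _FORMS):
        raise ValueError(f"not a recognised 48-bit MAC address: {mac!r}")
    digits = re.sub(r"[-:.]", "", mac).upper()
    # The low bit of the first octet marks a group (multicast/broadcast)
    # address, which is never the source address of a client.
    if int(digits[:2], 16) & 1:
        raise ValueError(f"group address cannot identify a client: {mac!r}")
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))


def build_accounts(macs):
    """Map each distinct client MAC to the username/password pair to create.

    The password is the same string as the username, as the requirement
    states. Inputs that differ only in layout collapse to one account.
    """
    accounts = {}
    for mac in macs:
        name = radius_mac_username(mac)
        accounts[name] = name
    return accounts


if __name__ == "__main__":
    # 1234-0300-0011 is the address shown on this page; the others are
    # constructed sample values.
    inventory = ["1234-0300-0011", "12:34:03:00:00:11", "001a.2b3c.4d5e"]
    for user, password in build_accounts(inventory).items():
        print(user, password)
```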
Configuration procedure
Make sure the host and the RADIUS server can reach each other.
1. Configure RADIUS authentication/accounting and ISP domain settings. (See "userLoginWithOUI
configuration example.")
2. Configure port security:
# Enable port security.
<Device> system-view
[Device] port-security enable