HP 6125G HP 6125G & 6125G/XG Blade Switches Security Configuration Gui - Page 140
Specify ISP domain, authentication method is CHAP for 802.1X.
View all HP 6125G manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 140 highlights
1. Configure the RADIUS protocol: Configure the RADIUS authentication/accounting and ISP domain settings the same as in Configuring the userLoginWithOUI mode. 2. Configure port security: # Enable port security. system-view [Device] port-security enable # Configure the device to use hyphenated, lowercased MAC addresses of users as the usernames and passwords for MAC authentication. [Device] mac-authentication user-name-format mac-address with-hyphen lowercase [Device] interface gigabitethernet 1/0/1 # Specify ISP domain sun for MAC authentication. [Device] mac-authentication domain sun [Device] interface gigabitethernet 1/0/1 # Set the 802.1X authentication method to CHAP. (This configuration is optional. By default, the authentication method is CHAP for 802.1X.) [Device] dot1x authentication-method chap # Set port security's limit on the number of MAC addresses to 64 on the port. [Device-GigabitEthernet1/0/1] port-security max-mac-count 64 # Set the port security mode to macAddressElseUserLoginSecure. [Device-GigabitEthernet1/0/1] port-security port-mode mac-else-userlogin-secure # Set the NTK mode of the port to ntkonly. [Device-GigabitEthernet1/0/1] port-security ntk-mode ntkonly Verifying the configuration # Display the port security configuration. display port-security interface gigabitethernet 1/0/1 Equipment port-security is enabled Trap is disabled Disableport Timeout: 20s OUI value: GigabitEthernet1/0/1 is link-up Port mode is macAddressElseUserLoginSecure NeedToKnow mode is NeedToKnowOnly Intrusion Protection mode is NoAction Max MAC address number is 64 Stored MAC address number is 0 Authorization is permitted Security MAC address learning mode is sticky Security MAC address aging type is absolute # Display MAC authentication information. display mac-authentication interface gigabitethernet 1/0/1 MAC address authentication is enabled. User name format is MAC address in lowercase,like xx-xx-xx-xx-xx-xx 130