华三交换机启用mac地址验证(V7)
环境:
内核版本:V7
1.开启全局MAC地址认证
system-view
mac-authentication
2.配置MAC地址认证的用户名格式
mac-authentication user-name-format mac-address with-hyphen lowercase
3.查看
[H3C]display mac-authentication
Global MAC authentication parameters:
MAC authentication : Enabled
Authentication method : PAP
M-LAG member configuration conflict : Unknown
Username format : MAC address in lowercase(xx-xx-xx-xx-xx-xx)
Username : mac
Password : Not configured
MAC range accounts : 0
MAC address Mask Username
Offline detect period : 300 s
Quiet period : 60 s
Server timeout : 100 s
Reauth period : 3600 s
User aging period for critical VLAN : 1000 s
User aging period for guest VLAN : 1000 s
Temporary user aging period : 60 s
Authentication domain : Not configured, use default domain
HTTP proxy port list : Not configured
HTTPS proxy port list : Not configured
Online MAC-auth wired users : 0
Silent MAC users:
MAC address VLAN ID From port Port index
4.进入接口视图并开启端口MAC地址认证
[H3C] interface gigabitethernet 1/0/1
[H3C-GigabitEthernet1/0/1] mac-authentication
[H3C-GigabitEthernet1/0/1] quit
5.采用本地认证方式
创建本地用户:需要为每个允许接入的MAC地址创建一个本地用户
# 假设允许MAC地址为 00-e0-fc-12-34-56 的设备接入
[H3C] local-user 00-e0-fc-12-34-56 class network
[H3C] password simple 00-e0-fc-12-34-56
[H3C] service-type lan-access
[H3C] quit
浙公网安备 33010602011771号