华三交换机启用mac地址验证(V7)

环境:
内核版本:V7

1.开启全局MAC地址认证
system-view
mac-authentication

 

2.配置MAC地址认证的用户名格式
mac-authentication user-name-format mac-address with-hyphen lowercase

 

3.查看

[H3C]display mac-authentication
 Global MAC authentication parameters:
   MAC authentication                  : Enabled
   Authentication method               : PAP
   M-LAG member configuration conflict : Unknown
   Username format                     : MAC address in lowercase(xx-xx-xx-xx-xx-xx)
           Username                    : mac
           Password                    : Not configured
   MAC range accounts                  : 0
          MAC address          Mask                 Username
   Offline detect period                      : 300 s
   Quiet period                               : 60 s
   Server timeout                             : 100 s
   Reauth period                              : 3600 s
   User aging period for critical VLAN        : 1000 s
   User aging period for guest VLAN           : 1000 s
   Temporary user aging period                : 60 s
   Authentication domain                      : Not configured, use default domain
   HTTP proxy port list                       : Not configured
   HTTPS proxy port list                      : Not configured
 Online MAC-auth wired users                  : 0

 Silent MAC users:
          MAC address       VLAN ID  From port               Port index

 

4.进入接口视图并开启端口MAC地址认证
[H3C] interface gigabitethernet 1/0/1
[H3C-GigabitEthernet1/0/1] mac-authentication
[H3C-GigabitEthernet1/0/1] quit

 

5.采用本地认证方式
创建本地用户:需要为每个允许接入的MAC地址创建一个本地用户
# 假设允许MAC地址为 00-e0-fc-12-34-56 的设备接入

[H3C] local-user 00-e0-fc-12-34-56 class network
[H3C] password simple 00-e0-fc-12-34-56
[H3C] service-type lan-access
[H3C] quit

 

posted @ 2026-06-29 10:01  slnngk  阅读(6)  评论(0)    收藏  举报