故障描述
版本信息:V100R005C01SPC100
Q:S5700如何配置MAC本地認(rèn)證?
故障分析
無(wú)
處理過(guò)程
A:基于MAC本地認(rèn)證的配置方法如下:
[Quidway]mac-authen
[Quidway]mac-authen username macaddress format with-hyphen
[Quidway]aaa
[Quidway-aaa]
[Quidway-aaa]local-user f0de-f163-76d5 password simple f0de-f163-76d5
[Quidway]int ethe0/0/4
[Quidway-Ethernet0/0/4]mac-authen
當(dāng)mac認(rèn)證不通過(guò)時(shí),交換機(jī)上上不學(xué)習(xí)PC的mac,查看認(rèn)證狀態(tài)時(shí)有如下顯示:
[Quidway]dis mac-authen int Ethernet 0/0/4
Ethernet0/0/4 state: UP. MAC address authentication is enabled
Maximum users: 256
Current users: 0
Authentication Success: 6, Failure: 18
Guest VLAN is disabled
Silent MAC info:
f0de-f163-76d5
1 silent mac address(es) found, 1 printed.
當(dāng)MAC認(rèn)證通過(guò)時(shí),交換機(jī)上學(xué)習(xí)到PC的MAC,查看認(rèn)證狀態(tài)時(shí)有如下顯示:
[Quidway]dis mac-authen int Ethernet 0/0/4
Ethernet0/0/4 state: UP. MAC address authentication is enabled
Maximum users: 256
Current users: 1
Authentication Success: 5, Failure: 17
Guest VLAN is disabled
Online user(s) info:
UserId MAC/VLAN AccessTime UserName
------------------------------------------------------------------------------
37 f0de-f163-76d5/1 2008/01/01 00:37:08 f0de-f163-76d5
------------------------------------------------------------------------------
建議/總結(jié)
1、如果mac認(rèn)證是基于用戶名和密碼的,配置方法如下:
[Quidway]mac-authen
[Quidway]mac-authen username fixed cc pass cc
[Quidway]aaa
[Quidway-aaa]
[Quidway-aaa]local-user cc password simple cc
[Quidway]int ethe0/0/4
[Quidway-Ethernet0/0/4]mac-authen
2、端口上支持的MAC認(rèn)證的用戶數(shù)默認(rèn)是256,整機(jī)最大1024