故障描述
版本信息:V100R005C01SPC100
Q:S5700如何配置MAC本地认证?
故障分析
无
处理过程
A:基于MAC本地认证的配置方法如下:
[Quidway]mac-authen
[Quidway]mac-authen username macaddress format with-hyphen
[Quidway]aaa
[Quidway-aaa]
[Quidway-aaa]local-user f0de-f163-76d5 password simple f0de-f163-76d5
[Quidway]int ethe0/0/4
[Quidway-Ethernet0/0/4]mac-authen
当mac认证不通过时,交换机上上不学习PC的mac,查看认证状态时有如下显示:
[Quidway]dis mac-authen int Ethernet 0/0/4
Ethernet0/0/4 state: UP. MAC address authentication is enabled
Maximum users: 256
Current users: 0
Authentication Success: 6, Failure: 18
Guest VLAN is disabled
Silent MAC info:
f0de-f163-76d5
1 silent mac address(es) found, 1 printed.
当MAC认证通过时,交换机上学习到PC的MAC,查看认证状态时有如下显示:
[Quidway]dis mac-authen int Ethernet 0/0/4
Ethernet0/0/4 state: UP. MAC address authentication is enabled
Maximum users: 256
Current users: 1
Authentication Success: 5, Failure: 17
Guest VLAN is disabled
Online user(s) info:
UserId MAC/VLAN AccessTime UserName
------------------------------------------------------------------------------
37 f0de-f163-76d5/1 2008/01/01 00:37:08 f0de-f163-76d5
------------------------------------------------------------------------------
建议/总结
1、如果mac认证是基于用户名和密码的,配置方法如下:
[Quidway]mac-authen
[Quidway]mac-authen username fixed cc pass cc
[Quidway]aaa
[Quidway-aaa]
[Quidway-aaa]local-user cc password simple cc
[Quidway]int ethe0/0/4
[Quidway-Ethernet0/0/4]mac-authen
2、端口上支持的MAC认证的用户数默认是256,整机最大1024