FAQ-S5700交换机MAC本地认证的配置方法

发布时间:  2014-09-12 浏览次数:  654 下载次数:  0
问题描述
版本信息:V100R005C01SPC100
Q:S5700如何配置MAC本地认证?

告警信息

处理过程
A:基于MAC本地认证的配置方法如下:
[Quidway]mac-authen          
[Quidway]mac-authen username macaddress format with-hyphen
[Quidway]aaa
[Quidway-aaa]
[Quidway-aaa]local-user f0de-f163-76d5 password simple f0de-f163-76d5
[Quidway]int ethe0/0/4
[Quidway-Ethernet0/0/4]mac-authen

当mac认证不通过时,交换机上上不学习PC的mac,查看认证状态时有如下显示:

[Quidway]dis mac-authen int Ethernet 0/0/4

 Ethernet0/0/4 state: UP.  MAC address authentication is enabled
  Maximum users: 256
  Current users: 0      
  Authentication Success: 6, Failure: 18
  Guest VLAN is disabled

  Silent MAC info:
    f0de-f163-76d5
  1 silent mac address(es) found, 1 printed.

当MAC认证通过时,交换机上学习到PC的MAC,查看认证状态时有如下显示:
 

[Quidway]dis mac-authen int Ethernet 0/0/4

 Ethernet0/0/4 state: UP.  MAC address authentication is enabled
  Maximum users: 256
  Current users: 1      
  Authentication Success: 5, Failure: 17
  Guest VLAN is disabled

 Online user(s) info:
 UserId   MAC/VLAN            AccessTime              UserName
 ------------------------------------------------------------------------------
 37       f0de-f163-76d5/1    2008/01/01 00:37:08     f0de-f163-76d5          
 ------------------------------------------------------------------------------



根因

建议与总结
1、如果mac认证是基于用户名和密码的,配置方法如下:
[Quidway]mac-authen          
[Quidway]mac-authen username fixed cc pass cc
[Quidway]aaa
[Quidway-aaa]
[Quidway-aaa]local-user cc password simple cc
[Quidway]int ethe0/0/4
[Quidway-Ethernet0/0/4]mac-authen
2、端口上支持的MAC认证的用户数默认是256,整机最大1024

END