MAC地址认证配置(三)H3C篇

sysname mac-authen Switch 更改主机名

vlan 32

vlan 90

vlan 100

int vlan 32 创建管理VLAN 32虚拟接口

ip address 172.16.32.253 24

配置管理IP为172.16.32.254/24

创建radius模版

radius scheme test.com

primary authentication 10.248.31.66

primary accounting 10.248.31.66

key authentication test.com

key accounting test.com

user-name-format without-domain

创建域

domain test.com

authentication default radius-scheme test.com

authorization default radius-scheme test.com

accounting default radius-scheme test.com

access-limit disable

state active

idle-cut disable

self-service-url disable

全局开启mac地址认证

mac-authentication

设置mac地址认证域

mac-authentication domain test.com

开启DHCP服务

dhcp enable

配置默认路由

ip route 0.0.0.0 0.0.0.0 172.16.32.254

配置接入的端口G1/0/1

interface GigabitEthernet1/0/1

description To client

port link-type hybrid

undo port hybrid vlan 1

port hybrid vlan 90 100 untagged

port hybrid pvid vlan 100

mac-authentication

mac-authentication guest-vlan 90

配置上联端口G1/0/24

interface GigabitEthernet1/0/24

description To Core-Switch-G10/0/1

port link-type trunk

port trunk permit vlan all

port trunk pvid vlan 32