Scribd Logo
Upload

Welcome to Scribd!

  • X00030004 第14章 交换机端口安全技术

    Uploaded by

    JJamesran
    8 views18 pages
    第14章 交换机端口安全技术

    Copyright

    © © All Rights Reserved

    Available Formats

    PPT, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    第14章 交换机端口安全技术

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    8 views18 pages

    X00030004 第14章 交换机端口安全技术

    Uploaded by

    JJamesran
    第14章 交换机端口安全技术

    Copyright:

    © All Rights Reserved
    Download as PPT, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 18

    http://ccieh3c.taobao.

    com
    ISSUE 1.0




    802.1X



    802.1X


    802.1X

    Internet

    802.1X 802.11

    802.1X802.11

    www.h3c.com
    802.1X

    www.h3c.com

    Switch
    Hub

    Port-based MAC-based


    MAC

    www.h3c.com
    802.1X

    802.1X
    [Switch] dot1x
    802.1X
    [Switch] dot1x interface interface-list


    [Switch] local-user user-name
    [Switch-luser-localuser] service-type lan-access
    [Switch-luser-localuser] password { cipher |
    simple } password

    www.h3c.com
    802.1X

    SWA
    E1/0/1
    PC

    [SWA]dot1x
    [SWA]dot1x interface ethernet1/0/1
    [SWA]local-user localuser
    [SWA-luser-localuser]password simple hello
    [SWA-luser-localuser]service-type lan-access

    www.h3c.com

    802.1X


    Uplink-port
    Switch Switch

    VLAN1 VLAN2 VLAN3 Port-isolate Group

    VLAN

    www.h3c.com



    [Switch-Ethernet1/0/1] port-isolate enable



    [Switch-Ethernet1/0/2] port-isolate uplink-port

    www.h3c.com

    Server

    E1/0/1 Uplink-port
    E1/0/2 E1/0/4

    E1/0/3

    PCA PCB PCC


    [SWA]interface ethernet1/0/2
    [SWA-Ethernet1/0/2] port-isolate enable
    [SWA]interface ethernet1/0/3
    [SWA-Ethernet1/0/3] port-isolate enable
    [SWA]interface ethernet1/0/4
    [SWA-Ethernet1/0/4] port-isolate enable
    [SWA]interface ethernet1/0/1
    [SWA-Ethernet1/0/1] port-isolate uplink-port

    www.h3c.com

    802.1X


    MAC IP Port
    0001-0201-0000 10.1.1.1 E1/0/2
    0001-0401-2126 10.2.1.1 E1/0/3
    0001-0401-2126 10.3.1.2 E1/0/4
    E1/0/1
    E1/0/2 E1/0/4

    E1/0/3

    PCA PCB PCC


    MAC:0001-0201-2123 MAC:0001-0401-2126 MAC:0002-0261-2562
    IP:10.1.1.1/24 IP:10.2.1.1/24 IP:10.3.1.1/24

    MAC+IP+

    www.h3c.com


    [Switch-Ethernet1/0/1] user-bind ip-address ip-
    address [ mac-address mac-address ]

    www.h3c.com

    E1/0/1
    E1/0/2 E1/0/4

    E1/0/3

    PCA PCB PCC


    MAC:0001-0201-2123 MAC:0001-0401-2126 MAC:0002-0261-2562
    IP:10.1.1.1/24 IP:10.2.1.1/24 IP:10.3.1.1/24
    [SWA]interface ethernet1/0/2
    [SWA-Ethernet1/0/2] user-bind ip-address 10.1.1.1 mac-address 0001-0201-2123
    [SWA]interface ethernet1/0/3
    [SWA-Ethernet1/0/3] user-bind ip-address 10.2.1.1 mac-address 0001-0401-2126
    [SWA]interface ethernet1/0/4
    [SWA-Ethernet1/0/4] user-bind ip-address 10.3.1.1 mac-address 0002-0261-2562

    www.h3c.com

    802.1X

    VLAN



    www.h3c.com

    You might also like