Professional Documents
Culture Documents
X00030004 第14章 交换机端口安全技术
X00030004 第14章 交换机端口安全技术
com
ISSUE 1.0
802.1X
802.1X
802.1X
Internet
802.1X 802.11
802.1X802.11
www.h3c.com
802.1X
www.h3c.com
Switch
Hub
Port-based MAC-based
MAC
www.h3c.com
802.1X
802.1X
[Switch] dot1x
802.1X
[Switch] dot1x interface interface-list
[Switch] local-user user-name
[Switch-luser-localuser] service-type lan-access
[Switch-luser-localuser] password { cipher |
simple } password
www.h3c.com
802.1X
SWA
E1/0/1
PC
[SWA]dot1x
[SWA]dot1x interface ethernet1/0/1
[SWA]local-user localuser
[SWA-luser-localuser]password simple hello
[SWA-luser-localuser]service-type lan-access
www.h3c.com
802.1X
Uplink-port
Switch Switch
VLAN
www.h3c.com
[Switch-Ethernet1/0/1] port-isolate enable
[Switch-Ethernet1/0/2] port-isolate uplink-port
www.h3c.com
Server
E1/0/1 Uplink-port
E1/0/2 E1/0/4
E1/0/3
www.h3c.com
802.1X
MAC IP Port
0001-0201-0000 10.1.1.1 E1/0/2
0001-0401-2126 10.2.1.1 E1/0/3
0001-0401-2126 10.3.1.2 E1/0/4
E1/0/1
E1/0/2 E1/0/4
E1/0/3
MAC+IP+
www.h3c.com
[Switch-Ethernet1/0/1] user-bind ip-address ip-
address [ mac-address mac-address ]
www.h3c.com
E1/0/1
E1/0/2 E1/0/4
E1/0/3
www.h3c.com
802.1X
VLAN
www.h3c.com