
HP A 5120 Manual


Page 161

 
[Switch-GigabitEthernet1/0/1] port-security port-mode autolearn 
# Configure the port to be silent for 30 seconds after the intrusion protection feature is triggered.  
[Switch-GigabitEthernet1/0/1] port-security intrusion-mode disableport-temporarily 
[Switch-GigabitEthernet1/0/1] quit 
[Switch] port-security timer disableport 30 
2. Verify the configuration. 
After completing the configurations, use the following command to view the port security configuration information:...

Page 162

 
 Port: 9437185 
 MAC Addr: 00:02:00:00:00:32 
 VLAN ID: 1 
 IfAdminStatus: 1 
In addition, you will see that the port security feature has disabled the port if you issue the following command:
[Switch-GigabitEthernet1/0/1] display interface gigabitethernet 1/0/1 
 GigabitEthernet1/0/1 current state:  Port Security Disabled 
 IP Packet Frame Type: PKTFMT_ETHNT_2, Hardware Address: 000f-cb00-5558 
 Description: GigabitEthernet1/0/1 Interface 
 ...... 
The port should be...

Page 163

 
Figure 48 Network diagram for configuring the userLoginWithOUI mode 
 
 
Configuration procedure 
 
 NOTE: 
 The following configuration steps cover some AAA/RADIUS configuration commands. For details about the commands, see the chapter “AAA configuration commands.”
 Configurations on the host and RADIUS servers are not shown.  
1. Configure the RADIUS protocol. 
# Configure a RADIUS scheme named radsun. 
<Switch> system-view
[Switch] radius scheme radsun 
[Switch-radius-radsun] primary...

Page 164

 
# Enable port security. 
[Switch] port-security enable 
# Add five OUI values.  
[Switch] port-security oui 1234-0100-1111 index 1 
[Switch] port-security oui 1234-0200-1111 index 2 
[Switch] port-security oui 1234-0300-1111 index 3 
[Switch] port-security oui 1234-0400-1111 index 4 
[Switch] port-security oui 1234-0500-1111 index 5 
[Switch] interface gigabitethernet 1/0/1 
# Set the port security mode to userLoginWithOUI. 
[Switch-GigabitEthernet1/0/1] port-security port-mode userlogin-withoui...

Page 165

 
   Accounting method : Required 
   Default authentication scheme      : radius:radsun 
   Default authorization scheme       : radius:radsun 
   Default accounting scheme          : radius:radsun 
   Domain User Template: 
   Idle-cut : Disabled 
   Self-service : Disabled 
   Authorization attributes: 
Use the following command to view the port security configuration information: 
<Switch> display port-security interface gigabitethernet 1/0/1
 Equipment port-security is enabled 
 Trap is disabled...

Page 166

 
   Handshake is enabled 
   Handshake secure is disabled 
   802.1X unicast-trigger is enabled 
   Periodic reauthentication is disabled 
   The port is an authenticator 
   Authentication Mode is Auto 
   Port Control Type is Mac-based 
   802.1X Multicast-trigger is enabled 
   Mandatory authentication domain: NOT configured 
   Guest VLAN: NOT configured 
   Auth-Fail VLAN: NOT configured 
   Max number of on-line users is 256 
 
   EAPOL Packet: Tx 16331, Rx 102 
   Sent EAP Request/Identity...

Page 167

 
Configuration procedure 
 
 NOTE: 
Configurations on the host and RADIUS servers are not shown.  
1. Configure the RADIUS protocol. 
The required RADIUS authentication/accounting configurations and ISP domain configurations are the same as those in “Configuring the userLoginWithOUI mode.”
2. Configure port security. 
# Enable port security. 
<Switch> system-view
[Switch] port-security enable 
# Configure a MAC authentication user, setting the username and password to aaa and 123456...

Page 168

 
 
Use the following command to view MAC authentication information: 
<Switch> display mac-authentication interface gigabitethernet 1/0/1
MAC address authentication is enabled. 
 User name format is fixed account 
 Fixed username:aaa 
 Fixed password:123456 
          Offline detect period is 60s 
          Quiet period is 5s 
          Server response timeout value is 100s 
          The max allowed user number is 1024 per slot 
          Current user number amounts to 3 
          Current domain is mac...

Page 169

 
   802.1X unicast-trigger is enabled 
   Periodic reauthentication is disabled 
   The port is an authenticator 
   Authentication Mode is Auto 
   Port Control Type is Mac-based 
   802.1X Multicast-trigger is enabled 
   Mandatory authentication domain: NOT configured 
   Guest VLAN: NOT configured 
   Auth-Fail VLAN: NOT configured 
   Max number of on-line users is 256 
 
   EAPOL Packet: Tx 16331, Rx 102 
   Sent EAP Request/Identity Packets : 16316 
        EAP Request/Challenge Packets: 6...

Page 170

 
Cannot configure secure MAC addresses 
Symptom 
Cannot configure secure MAC addresses. 
[Switch-GigabitEthernet1/0/1] port-security mac-address security 1-1-2 vlan 1 
Error: Security MAC address configuration failed. 
Analysis 
No secure MAC address can be configured on a port operating in a port security mode other than autoLearn.
Solution  
Set the port security mode to autoLearn.  
[Switch-GigabitEthernet1/0/1] undo port-security port-mode 
[Switch-GigabitEthernet1/0/1]...