beautypg.com

Displaying and maintaining 802.1x, 1x authentication configuration example – H3C Technologies H3C S12500-X Series Switches User Manual

Page 113

background image

101

[Device-radius-radsun] primary accounting 192.168.1.3

[Device-radius-radsun] secondary authentication 192.168.1.3

[Device-radius-radsun] secondary accounting 192.168.1.2

[Device-radius-radsun] key authentication simple name

[Device-radius-radsun] key accounting simple money

[Device-radius-radsun] timer response-timeout 5

[Device-radius-radsun] retry 5

[Device-radius-radsun] timer realtime-accounting 15

[Device-radius-radsun] user-name-format without-domain

[Device-radius-radsun] quit

# Configure ISP domain sun.

[Device] domain sun

[Device-isp-sun] authentication lan-access radius-scheme radsun

[Device-isp-sun] authorization lan-access radius-scheme radsun

[Device-isp-sun] accounting lan-access radius-scheme radsun

[Device-isp-sun] quit

2.

Configure 802.1X:
# Set the 802.1X authentication method to CHAP. (This step is optional. By default, the
authentication method is CHAP for 802.1X.)

[Device] dot1x authentication-method chap

3.

Configure port security:
# Enable port security.

[Device] port-security enable

# Add five OUI values. (You can add up to 16 OUI values. The port permits only one user

matching one of the OUIs to pass authentication.)

[Device] port-security oui index 1 mac-address 1234-0100-1111

[Device] port-security oui index 2 mac-address 1234-0200-1111

[Device] port-security oui index 3 mac-address 1234-0300-1111

[Device] port-security oui index 4 mac-address 1234-0400-1111

[Device] port-security oui index 5 mac-address 1234-0500-1111

# Set the port security mode to userLoginWithOUI.

[Device] interface ten-gigabitethernet 1/0/1

[Device-Ten-GigabitEthernet1/0/1] port-security port-mode userlogin-withoui

[Device-Ten-GigabitEthernet1/0/1] quit

433B

Verifying the configuration

# Display the RADIUS scheme radsun.

[Device] display radius scheme radsun

RADIUS Scheme Name : radsun

Index : 0

Primary Auth Server:

IP : 192.168.1.2 Port: 1812 State: Active

VPN : Not configured

Primary Acct Server:

IP : 192.168.1.3 Port: 1813 State: Active

VPN : Not configured

Second Auth Server:

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: