Displaying and maintaining 802.1x, 1x configuration examples, 1x authentication configuration example – H3C Technologies H3C S7500E Series Switches User Manual
Page 115: Network requirements
5-25
z
Different ports can be configured with different Auth-Fail VLANs, but a port can be
configured with only one Auth-Fail VLAN.
z
The generated MAFV entry for a MAC address will overwrite the existing blocked-MAC
entry of the MAC address on the port. But if the port is disabled by the intrusion protection
function, the MAFV cannot take effect. For information about the intrusion protection
function of disabling a port, see Port Security in the Security Configuration Guide.
Displaying and Maintaining 802.1X
To do…
Use the command…
Remarks
Display 802.1X session
information, statistics, or
configuration information of
specified or all ports
display dot1x [ sessions |
statistics ] [ interface
interface-list ]
Available in any view
Clear 802.1X statistics
reset dot1x statistics
[ interface interface-list ]
Available in user view
802.1X Configuration Examples
802.1X Authentication Configuration Example
Network requirements
z
It is required to use the access control method of macbased on the port
GigabitEthernet2/0/1 to control clients.
z
All clients belong to default domain aabbcc.net, which can accommodate up to 30 users.
RADIUS authentication is performed at first, and then local authentication when no
response from the RADIUS server is received. If the RADIUS accounting fails, the device
logs users off.
z
A server group with two RADIUS servers is connected to the device. The IP addresses of
the servers are 10.1.1.1 and 10.1.1.2 respectively. Use the former as the primary
authentication/accounting server, and the latter as the secondary
authentication/accounting server.
z
Set the shared key for the device to exchange packets with the authentication server as
name, and that for the device to exchange packets with the accounting server as money.
z
Specify the device to try up to five times at an interval of 5 seconds in transmitting a packet
to the RADIUS server until it receives a response from the server, and to send real time
accounting packets to the accounting server every 15 minutes.