
Network requirements – H3C Technologies H3C S7500E Series Switches User Manual

[Device-radius-radius1] key authentication name

# Specify the shared key for the device to exchange packets with the accounting server.

[Device-radius-radius1] key accounting money

# Set the interval for the device to retransmit packets to the RADIUS server and the maximum number of transmission attempts.

[Device-radius-radius1] timer response-timeout 5

[Device-radius-radius1] retry 5

# Set the interval for the device to send real-time accounting packets to the RADIUS server.

[Device-radius-radius1] timer realtime-accounting 15

# Configure the device to remove the domain name from any username before passing the username to the RADIUS server.

[Device-radius-radius1] user-name-format without-domain

[Device-radius-radius1] quit

# Create domain aabbcc.net and enter its view.

[Device] domain aabbcc.net

# Specify RADIUS scheme radius1 for authentication, authorization, and accounting, and specify local authentication as the secondary scheme.

[Device-isp-aabbcc.net] authentication default radius-scheme radius1 local

[Device-isp-aabbcc.net] authorization default radius-scheme radius1 local

[Device-isp-aabbcc.net] accounting default radius-scheme radius1 local

# Set the maximum number of users for the domain to 30.

[Device-isp-aabbcc.net] access-limit enable 30

# Enable the idle cut function and set the idle cut interval.

[Device-isp-aabbcc.net] idle-cut enable 20

[Device-isp-aabbcc.net] quit

# Configure aabbcc.net as the default domain.

[Device] domain default enable aabbcc.net

# Enable 802.1X globally.

[Device] dot1x

# Enable 802.1X for port GigabitEthernet2/0/1.

[Device] interface gigabitethernet 2/0/1

[Device-GigabitEthernet2/0/1] dot1x

[Device-GigabitEthernet2/0/1] quit

# Set the port access control method. (Optional. The default settings meet the requirement.)

[Device] dot1x port-method macbased interface gigabitethernet 2/0/1

You can use the display dot1x interface gigabitethernet 2/0/1 command to view the 802.1X configuration information. After an 802.1X user passes the RADIUS authentication with the username in the format of username@aabbcc.net, you can use the display connection command to view the connection information of the user. If the user fails the RADIUS authentication, local authentication of the user will be performed.
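
The shared keys set above with key authentication and key accounting are what a RADIUS client uses to check that a reply really came from its server. The following Python code is an added example, not part of the manual or of H3C software: it applies the Response Authenticator rule from RFC 2865 and RFC 2866 to constructed packets, and the request authenticator, packet identifiers and Session-Timeout value are assumptions made for illustration.

```python
import hashlib
import hmac
import struct

def attr(attr_type: int, value: bytes) -> bytes:
    """Encode one RADIUS attribute as Type, Length, Value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def sign_reply(code, ident, attrs, request_auth, secret):
    """Server side: Response Authenticator =
    MD5(Code + ID + Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    digest = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + digest + attrs

def verify_reply(packet, request_auth, secret):
    """Client side: recompute the digest with the configured key and compare."""
    if len(packet) < 20:
        return False
    length = struct.unpack("!H", packet[2:4])[0]
    if length < 20 or length > len(packet):
        return False
    packet = packet[:length]  # octets beyond Length are padding
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

def tampered(packet: bytes) -> bytes:
    """Flip one bit in the last octet, as a modification in transit would."""
    return packet[:-1] + bytes([packet[-1] ^ 0x01])

# Constructed sample values (not captured traffic).
REQUEST_AUTH = bytes(range(16))   # authenticator field of the device's request
AUTH_KEY = b"name"                # from: key authentication name
ACCT_KEY = b"money"               # from: key accounting money
SESSION_TIMEOUT = attr(27, struct.pack("!I", 3600))
ACCESS_ACCEPT = sign_reply(2, 7, SESSION_TIMEOUT, REQUEST_AUTH, AUTH_KEY)
ACCT_RESPONSE = sign_reply(5, 8, b"", REQUEST_AUTH, ACCT_KEY)

if __name__ == "__main__":
    checks = [
        ("Access-Accept with authentication key", ACCESS_ACCEPT, AUTH_KEY),
        ("Access-Accept with accounting key", ACCESS_ACCEPT, ACCT_KEY),
        ("Accounting-Response with accounting key", ACCT_RESPONSE, ACCT_KEY),
        ("Modified Access-Accept", tampered(ACCESS_ACCEPT), AUTH_KEY),
    ]
    for label, packet, key in checks:
        print(f"{label}: {verify_reply(packet, REQUEST_AUTH, key)}")
```

RFC 2865 prefers a shared secret of at least 16 octets; the keys name and money used in this configuration example are shorter than that.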

802.1X with Guest VLAN and VLAN Assignment Configuration Example

Network requirements

As shown in Figure 5-10: