Configuration procedure – H3C Technologies H3C S6300 Series Switches User Manual

The RADIUS server response timeout is 5 seconds and the maximum number of RADIUS packet retransmission attempts is five. The device sends real-time accounting packets to the RADIUS server at 15-minute intervals, and sends usernames without domain names to the RADIUS server.

Configure port Ten-GigabitEthernet 1/0/1 of the device to allow only one 802.1X user and a user that uses one of the specified OUI values to be authenticated.

Figure 64 Network diagram

Configuration procedure

The following configuration steps cover some AAA/RADIUS configuration commands. For more information about the commands, see Security Command Reference.

Make sure the host and the RADIUS server can reach each other.
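The RADIUS parameters stated above (5-second response timeout, five attempts) and the shared keys entered in step 1 of this procedure can be checked offline before deployment. The following Python code is an added example, not part of the H3C manual: it parses the scheme lines as typed here (embedded as a constructed sample) and flags short plaintext shared keys, a missing or duplicate backup server, and a long wait on an unresponsive server. `MIN_KEY_LEN` and `MAX_WAIT_S` are assumed local-policy thresholds, and treating timeout times attempts as the per-server wait is a simplification.

```python
import re
# Constructed sample: the radsun scheme lines as entered in step 1 of this procedure.
SAMPLE = """\
[Device-radius-radsun] primary authentication 192.168.1.2
[Device-radius-radsun] primary accounting 192.168.1.3
[Device-radius-radsun] secondary authentication 192.168.1.3
[Device-radius-radsun] secondary accounting 192.168.1.2
[Device-radius-radsun] key authentication simple name
[Device-radius-radsun] key accounting simple money
[Device-radius-radsun] timer response-timeout 5
[Device-radius-radsun] retry 5
"""
MIN_KEY_LEN = 16  # assumption: local policy threshold, not an H3C requirement
MAX_WAIT_S = 30   # assumption: longest tolerable wait on one unresponsive server

def parse_scheme(text):
    """Collect servers, keys and timers from the lines of one RADIUS scheme."""
    s = {"servers": {}, "keys": {}}
    for raw in text.splitlines():
        line = re.sub(r"^\[[^\]]*\]\s*", "", raw.strip())  # drop the CLI prompt
        if m := re.fullmatch(r"(primary|secondary) (authentication|accounting) (\S+)", line):
            s["servers"][(m[1], m[2])] = m[3]
        elif m := re.fullmatch(r"key (authentication|accounting) (simple|cipher) (\S+)", line):
            s["keys"][m[1]] = (m[2], m[3])
        elif m := re.fullmatch(r"(timer response-timeout|retry) (\d+)", line):
            s[m[1]] = int(m[2])
    return s

def worst_case_wait(s):
    """Response timeout x attempts for one dead server; 0 if either is unset."""
    return s.get("timer response-timeout", 0) * s.get("retry", 0)

def audit(s):
    out = []  # findings as (setting, message) tuples
    for role in ("authentication", "accounting"):
        mode, value = s["keys"].get(role, (None, ""))
        if mode is None:
            out.append((f"key {role}", "no shared key configured"))
        elif mode == "simple" and len(value) < MIN_KEY_LEN:
            out.append((f"key {role}", f"plaintext key of {len(value)} characters"))
        primary = s["servers"].get(("primary", role))
        if s["servers"].get(("secondary", role)) in (None, primary):
            out.append((f"secondary {role}", "no distinct backup server"))
    if worst_case_wait(s) > MAX_WAIT_S:
        out.append(("timer/retry", f"{worst_case_wait(s)} s wait per dead server"))
    return out

if __name__ == "__main__":
    print(*audit(parse_scheme(SAMPLE)), sep="\n")
```

Run against the sample, the check reports both shared keys (`name` and `money`) as short plaintext secrets; the server pairing and the 25-second wait pass the assumed thresholds.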

1. Configure AAA:

# Configure a RADIUS scheme named radsun.

<Device> system-view
[Device] radius scheme radsun
[Device-radius-radsun] primary authentication 192.168.1.2
[Device-radius-radsun] primary accounting 192.168.1.3
[Device-radius-radsun] secondary authentication 192.168.1.3
[Device-radius-radsun] secondary accounting 192.168.1.2
[Device-radius-radsun] key authentication simple name
[Device-radius-radsun] key accounting simple money
[Device-radius-radsun] timer response-timeout 5
[Device-radius-radsun] retry 5
[Device-radius-radsun] timer realtime-accounting 15
[Device-radius-radsun] user-name-format without-domain
[Device-radius-radsun] quit

# Configure ISP domain sun.

[Device] domain sun
[Device-isp-sun] authentication lan-access radius-scheme radsun
[Device-isp-sun] authorization lan-access radius-scheme radsun
[Device-isp-sun] accounting lan-access radius-scheme radsun
[Device-isp-sun] quit

2. Configure 802.1X:

# Set the 802.1X authentication method to CHAP. (This step is optional. By default, the authentication method is CHAP for 802.1X.)

[Device] dot1x authentication-method chap

3. Configure port security: