H3C Technologies H3C S5120 Series Switches User Manual


[Switch-radius-radius1] key authentication name

# Specify the shared key for the device to exchange packets with the accounting server.

[Switch-radius-radius1] key accounting money

# Set the interval for the device to retransmit packets to the RADIUS server and the maximum number of transmission attempts.

[Switch-radius-radius1] timer response-timeout 5

[Switch-radius-radius1] retry 5

# Set the interval for the device to send real-time accounting packets to the RADIUS server.

[Switch-radius-radius1] timer realtime-accounting 15

# Configure the device to remove the domain name from any username before passing the username to the RADIUS server.

[Switch-radius-radius1] user-name-format without-domain

[Switch-radius-radius1] quit

# Create domain aabbcc.net and enter its view.

[Switch] domain aabbcc.net

# Set radius1 as the RADIUS scheme for users of the domain and specify local authentication as the secondary scheme.

[Switch-isp-aabbcc.net] authentication default radius-scheme radius1 local

[Switch-isp-aabbcc.net] authorization default radius-scheme radius1 local

[Switch-isp-aabbcc.net] accounting default radius-scheme radius1 local

# Set the maximum number of users for the domain to 30.

[Switch-isp-aabbcc.net] access-limit enable 30

# Enable the idle cut function and set the idle cut interval.

[Switch-isp-aabbcc.net] idle-cut enable 20

[Switch-isp-aabbcc.net] quit

# Configure aabbcc.net as the default domain.

[Switch] domain default enable aabbcc.net

# Enable 802.1X globally.

[Switch] dot1x

# Enable 802.1X for port GigabitEthernet1/0/1.

[Switch] interface gigabitethernet 1/0/1

[Switch-GigabitEthernet1/0/1] dot1x

[Switch-GigabitEthernet1/0/1] quit

# Set the port access control method. (Optional. The default settings meet the requirement.)

[Switch] dot1x port-method macbased interface gigabitethernet 1/0/1

You can use the display dot1x interface gigabitethernet 1/0/1 command to view the 802.1X configuration information. After an 802.1X user passes the RADIUS authentication with the username in the format of username@aabbcc.net, you can use the display connection command to view the connection information of the user. If the user fails the RADIUS authentication, local authentication of the user will be performed.