beautypg.com

Aaa for 802.1x users by a radius server, Network requirements – H3C Technologies H3C S5120 Series Switches User Manual

Page 438

background image

1-32

[Switch-ui-vty0-4] protocol inbound ssh

[Switch-ui-vty0-4] quit

# Create RADIUS scheme rad.

[Switch] radius scheme rad

# Specify the primary authentication server.

[Switch-radius-rad] primary authentication 10.1.1.1 1812

# Specify the primary accounting server.

[Switch-radius-rad] primary accounting 10.1.1.1 1813

# Set the shared key for authentication packets to expert.

[Switch-radius-rad] key authentication expert

# Set the shared key for accounting packets to expert.

[Switch-radius-rad] key accounting expert

# Specify that a username sent to the RADIUS server carries the domain name.

[Switch-radius-rad] user-name-format with-domain

# Specify the service type for the RADIUS server, which must be extended when the RADIUS server

runs iMC.

[Switch-radius-rad] server-type extended

[Switch-radius-rad] quit

# Configure the AAA methods for the domain.

[Switch] domain bbb

[Switch-isp-bbb] authentication login radius-scheme rad

[Switch-isp-bbb] authorization login radius-scheme rad

[Switch-isp-bbb] accounting login radius-scheme rad

[Switch-isp-bbb] quit

When using SSH to log in, a user enters a username in the form userid@bbb for authentication using

domain bbb.

3) Verify the configuration

After the above configuration, the SSH user should be able to use the configured account to access the

user interface of the switch. The commands that the user can access depend on the settings for EXEC

users on the iMC server.

AAA for 802.1X Users by a RADIUS Server

Network requirements

As shown in

Figure 1-10

, configure the switch to use the RADIUS server to perform authentication,

authorization, and accounting for 802.1X users.

z

Use MAC-based access control on GigabitEthernet1/0/1 to authenticate all 802.1X users on the

port separately.

z

Set the shared keys for authentication and authorization packets exchanged between the switch

and the RADIUS server to expert and specify the ports for authentication/authorization and

accounting as 1812 and 1813 respectively.

See also other documents in the category H3C Technologies Routers: