Configuration procedure – H3C Technologies H3C S5120 Series Switches User Manual

1-33

z

Specify that a username sent to the RADIUS server carries the domain name. The username of the

user is dot1x@bbb.

z

After the host passes authentication, the authentication server assigns the host to VLAN 4.

z

The host registers a monthly service charging 120 dollars for up to 120 hours per month.

Figure 1-10 Configure AAA for 802.1X users by a RADIUS server

Configuration procedure

z

Configure the interfaces and VLANs as per

Figure 1-10

. Make sure that the host can get a new IP

address manually or automatically and can access resources in the authorized VLAN after passing

authentication.

z

This example assumes that the RADIUS server runs iMC PLAT 3.20-R2606, iMC UAM 3.60-E6206

and iMC CAMS 3.60-E6206.

1) Configure the RADIUS server

# Add an access device.

Log in to the iMC management platform, select the Service tab, and select Access Service > Access

Device from the navigation tree to enter the Access Device List page. Then, click Add to enter the

Add Access Device page and perform the following configurations:

z

Set the shared keys for authentication and accounting packets to expert

z

Specify the ports for authentication and accounting as 1812 and 1813 respectively

z

Select LAN Access Service as the service type

z

Select H3C as the access device type

z

Select the access device from the device list or manually add the device whose IP address is

10.1.1.2

z

Adopt the default settings for other parameters and click OK to finish the operation.

The IP address of the access device specified above must be the same as the source IP address of the

RADIUS packets sent from the device, which is the IP address of the outbound interface by default, or

otherwise the IP address specified with the nas-ip or radius nas-ip command.