H3C Technologies H3C S3100 Series Switches User Manual
Page 294
Operation Manual – 802.1x
H3C S3100-52P Ethernet Switch
Chapter 1 802.1x Configuration
1-21
# Set the access control method to be MAC-address-based (This operation can be
omitted, as MAC-address-based is the default).
[H3C] dot1x port-method macbased interface Ethernet 1/0/1
# Create a RADIUS scheme named “radius1” and enter RADIUS scheme view.
[H3C] radius scheme radius1
# Assign IP addresses to the primary authentication and accounting RADIUS servers.
[H3C-radius-radius1] primary authentication 10.11.1.1
[H3C-radius-radius1] primary accounting 10.11.1.2
# Assign IP addresses to the secondary authentication and accounting RADIUS server.
[H3C-radius-radius1] secondary authentication 10.11.1.2
[H3C-radius-radius1] secondary accounting 10.11.1.1
# Set the password for the switch and the authentication RADIUS servers to exchange
messages.
[H3C-radius-radius1] key authentication name
# Set the password for the switch and the accounting RADIUS servers to exchange
messages.
[H3C-radius-radius1] key accounting money
# Set the interval and the number of the retries for the switch to send packets to the
RADIUS servers.
[H3C-radius-radius1] timer 5
[H3C-radius-radius1] retry 5
# Set the timer for the switch to send real-time accounting packets to the RADIUS
servers.
[H3C-radius-radius1] timer realtime-accounting 15
# Configure to send the user name to the RADIUS server with the domain name
truncated.
[H3C-radius-radius1] user-name-format without-domain
[H3C-radius-radius1] quit
# Create the domain named “aabbcc.net” and enter its view.
[H3C] domain enable aabbcc.net
# Specify to adopt radius1 as the RADIUS scheme of the user domain. If RADIUS
server is invalid, specify to adopt the local authentication scheme.
[H3C-isp-aabbcc.net] scheme radius-scheme radius1 local
# Specify the maximum number of users the user domain can accommodate to 30.
[H3C-isp-aabbcc.net] access-limit enable 30
# Enable the idle disconnecting function and set the related parameters.