beautypg.com

H3C Technologies H3C S3100V2 Series Switches User Manual

Page 55

background image

47

[SwitchA-isp-domian1] authentication lan-access radius-scheme scheme1

[SwitchA-isp-domian1] authorization lan-access radius-scheme scheme1

[SwitchA-isp-domian1] accounting lan-access radius-scheme scheme1

[SwitchA-isp-domian1] quit

[SwitchA] domain default enable domain1

# Globally enable 802.1X and then enable it on Ethernet 1/0/1 and Ethernet 1/0/2 respectively.

[SwitchA] dot1x

[SwitchA] interface ethernet 1/0/1

[SwitchA-Ethernet1/0/1] dot1x

[SwitchA-Ethernet1/0/1] quit

[SwitchA] interface ethernet 1/0/2

[SwitchA-Ethernet1/0/2] dot1x

[SwitchA-Ethernet1/0/2] quit

3.

Configure Switch B

# Globally enable IGMP snooping.

system-view

[SwitchB] igmp-snooping

[SwitchB-igmp-snooping] quit

# Create VLAN 100, assign Ethernet 1/0/1 through Ethernet 1/0/3 to this VLAN, and enable IGMP
snooping in this VLAN.

[SwitchB] vlan 100

[SwitchB-vlan100] port ethernet 1/0/1 to ethernet 1/0/3

[SwitchB-vlan100] igmp-snooping enable

[SwitchB-vlan100] quit

# Create a user profile profile2 to allow users to join or leave only one multicast group, 224.1.1.1. Then,
enable the user profile.

[SwitchB] acl number 2001

[SwitchB-acl-basic-2001] rule permit source 224.1.1.1 0

[SwitchB-acl-basic-2001] quit

[SwitchB] user-profile profile2

[SwitchB-user-profile-profile2] igmp-snooping access-policy 2001

[SwitchB-user-profile-profile2] quit

[SwitchB] user-profile profile2 enable

# Create a RADIUS scheme scheme2; set the service type for the RADIUS server to extended; specify the

IP addresses of the primary authentication/authorization server and accounting server as 3.1.1.1; set the
shared keys to 321123; specify that a username sent to the RADIUS server carry no domain name.

[SwitchB] radius scheme scheme2

[SwitchB-radius-scheme2] server-type extended

[SwitchB-radius-scheme2] primary authentication 3.1.1.1

[SwitchB-radius-scheme2] key authentication 321123

[SwitchB-radius-scheme2] primary accounting 3.1.1.1

[SwitchB-radius-scheme2] key accounting 321123

[SwitchB-radius-scheme2] user-name-format without-domain

[SwitchB-radius-scheme2] quit

# Create an ISP domain domain2; reference scheme2 for the authentication, authorization, and
accounting of LAN users; specify domain2 as the default ISP domain.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: