Network diagram, Configuration procedure – H3C Technologies H3C S3600 Series Switches User Manual

1-20

a real-time accounting packet to the RADIUS servers once in every 15 minutes. A user name is

sent to the RADIUS servers with the domain name truncated.

z

The user name and password for local 802.1x authentication are “localuser” and “localpass” (in

plain text) respectively. The idle disconnecting function is enabled.

Network diagram

Figure 1-12 Network diagram for AAA configuration with 802.1x and RADIUS enabled

Configuration procedure

Following configuration covers the major AAA/RADIUS configuration commands. Refer to AAA

Operation for the information about these commands. Configuration on the client and the RADIUS

servers is omitted.

# Enable 802.1x globally.

system-view

System View: return to User View with Ctrl+Z.

[Sysname] dot1x

# Enable 802.1x on Ethernet 1/0/1.

[Sysname] dot1x interface Ethernet 1/0/1

# Set the access control method to MAC-based (This operation can be omitted, as MAC-based is the

default).

[Sysname] dot1x port-method macbased interface Ethernet 1/0/1

# Create a RADIUS scheme named “radius1” and enter RADIUS scheme view.

[Sysname] radius scheme radius1

# Assign IP addresses to the primary authentication and accounting RADIUS servers.

[Sysname-radius-radius1] primary authentication 10.11.1.1

[Sysname-radius-radius1] primary accounting 10.11.1.2

# Assign IP addresses to the secondary authentication and accounting RADIUS server.