Network diagram, Configuration procedure – H3C Technologies H3C S3100 Series Switches User Manual

• The switch is connected to a server group comprising two RADIUS servers whose IP addresses are 10.11.1.1 and 10.11.1.2. The RADIUS server at 10.11.1.1 operates as the primary authentication server and the secondary accounting server. The other operates as the secondary authentication server and the primary accounting server. The password (shared key) that the switch and the authentication RADIUS servers use to exchange messages is “name”, and the password that the switch and the accounting RADIUS servers use to exchange messages is “money”. If the switch sends a packet to a RADIUS server and receives no response within 5 seconds, it sends the packet again, with a maximum of 5 retries. The switch sends a real-time accounting packet to the RADIUS servers once every 15 minutes. User names are sent to the RADIUS servers with the domain name truncated.

• The user name and password for local 802.1x authentication are “localuser” and “localpass” (in plain text), respectively. The idle disconnecting function is enabled.
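The two RADIUS keys in the requirements above are not sent on the wire; each side feeds its key into the MD5 digest carried in the packet's Authenticator field (RFC 2865 for authentication, RFC 2866 for accounting). The Python below is an added example, not taken from the H3C manual: the function names and the user name user1@example are constructed, and it assumes the domain is the part of the user name after "@".

```python
import hashlib, hmac, os, struct

AUTH_KEY = b"name"    # key shared with the authentication servers (from the page)
ACCT_KEY = b"money"   # key shared with the accounting servers (from the page)

def strip_domain(user):
    """User name as sent when the domain name is truncated (assumed: text after '@')."""
    return user.split("@", 1)[0]

def attr(attr_type, value):
    """Encode one RADIUS attribute as type, length, value."""
    return bytes([attr_type, len(value) + 2]) + value

def access_request(ident, user):
    """Access-Request (code 1) with a random 16-byte Request Authenticator."""
    attrs = attr(1, strip_domain(user).encode())          # 1 = User-Name
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + os.urandom(16) + attrs

def signed(code, ident, seed, attrs, secret):
    """Fill the Authenticator field with MD5(header + seed + attrs + secret)."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + hashlib.md5(head + seed + attrs + secret).digest() + attrs

def server_reply(code, request, secret, attrs=b""):
    """Server side: the reply is seeded with the request's Authenticator (RFC 2865)."""
    return signed(code, request[1], request[4:20], attrs, secret)

def accounting_request(ident, attrs, secret):
    """Accounting-Request (code 4), seeded with 16 zero octets (RFC 2866)."""
    return signed(4, ident, bytes(16), attrs, secret)

def authenticator_ok(packet, seed, secret):
    """Receiver side: recompute the Authenticator and compare in constant time."""
    if len(packet) < 20 or struct.unpack("!H", packet[2:4])[0] != len(packet):
        return False
    expect = hashlib.md5(packet[:4] + seed + packet[20:] + secret).digest()
    return hmac.compare_digest(expect, packet[4:20])

def switch_accepts(request, reply, secret):
    """Switch side: the reply must match the request's Identifier and the shared key."""
    return reply[1:2] == request[1:2] and authenticator_ok(reply, request[4:20], secret)

if __name__ == "__main__":
    req = access_request(7, "user1@example")              # constructed sample user
    good = server_reply(2, req, AUTH_KEY)                 # 2 = Access-Accept
    bad = server_reply(2, req, ACCT_KEY)                  # server holds the wrong key
    print(switch_accepts(req, good, AUTH_KEY), switch_accepts(req, bad, AUTH_KEY))
    acct = accounting_request(8, attr(40, struct.pack("!I", 3)), ACCT_KEY)  # Interim-Update
    print(authenticator_ok(acct, bytes(16), ACCT_KEY))
```

A reply signed with the wrong key fails this check, and RFC 2865 has the client silently discard it, so a key mismatch shows up on the switch as an unanswered request rather than as an explicit error.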

Network diagram

Figure 1-12 Network diagram for AAA configuration with 802.1x and RADIUS enabled

[Diagram labels: Supplicant; Authenticator (Switch), port Ethernet 1/0/1; IP network; Authentication Servers (IP addresses: 10.11.1.1, 10.11.1.2)]

Configuration procedure

The following configuration covers the major AAA/RADIUS configuration commands. Refer to the AAA Operation Manual for information about these commands. Configuration of the client and the RADIUS servers is omitted.

# Enable 802.1x globally.

<Sysname> system-view

System View: return to User View with Ctrl+Z.

[Sysname] dot1x

# Enable 802.1x on Ethernet 1/0/1 port.

[Sysname] dot1x interface Ethernet 1/0/1

# Set the access control method to MAC-address-based. (This operation can be omitted, as MAC-address-based is the default.)

[Sysname] dot1x port-method macbased interface Ethernet 1/0/1