Network requirements, Configuration procedure – H3C Technologies H3C S3100 Series Switches User Manual

1-26

802.1X Mandatory Authentication Domain Configuration Example

Network Requirements

As shown in

Figure 1-13

, Host A (an 802.1X user) and Host B (a telnet user) are connected to the

Internet through Ethernet 1/0/1 and Ethernet 1/0/2 on Switch, respectively. It is required to implement

RADIUS authentication and local authentication for Host A and Host B (that do not support usernames

with suffixes) by performing the following configurations on Switch:

z

Host A belongs to domain aabbcc and Host B belongs to domain test; configure test as the default

domain on Switch and specify aabbcc as the mandatory authentication domain for Ethernet 1/0/1.

z

Configure Switch to use the RADIUS server, with IP address 10.110.91.164, to provide

authentication, authorization and accounting services. Specify aabbcc as the shared key for

Switch to exchange packets with the RADIUS server.

z

Configure hello as both the username and password for local authentication of Host B.

Figure 1-13 Network diagram for configuring RADIUS authentication of the telnet user

Configuration Procedure

# Enable telnet services on Switch.

system-view

[Switch] telnet server enable

# Create a local user named hello.

[Switch] local-user hello

[Switch-luser-hello] service-type telnet

[Switch-luser-hello] password simple hello

[Switch-luser-hello] quit

# Configure domain test as the default domain and perform local authentication for users of the domain.

[Switch] domain test

[Switch-isp-test] scheme local

[Switch-isp-test] quit

[Switch] domain default enable test

# Create a domain named aabbcc, and specify to use radius1 scheme to authenticate users of the

domain.

[Switch] domain aabbcc