Ead configuration example, Network requirements, Network diagram – H3C Technologies H3C S3100 Series Switches User Manual

3-3

EAD Configuration Example

Network requirements

In

Figure 3-2

:

z

A user is connected to Ethernet 1/0/1 on the switch.

z

The user adopts 802.1x client supporting EAD extended function.

z

You are required to configure the switch to use RADIUS server for remote user authentication and

use security policy server for EAD control on users.

The following are the configuration tasks:

z

Connect the RADIUS authentication server 10.110.91.164 and the switch, and configure the switch

to use port number 1812 to communicate with the server.

z

Configure the authentication server type to extended.

z

Configure the encryption password for exchanging messages between the switch and RADIUS

server to “expert”.

z

Configure the IP address 10.110.91.166 of the security policy server.

Network diagram

Figure 3-2 EAD configuration

Ethernet1/0/1

Internet

User

Security Policy Servers

10.110.91.166

Virus Patch Servers

10.110.91.168

Authentication Servers

10.110.91.164

Configuration procedure

# Configure 802.1x on the switch. Refer to the section ”Configuring 802.1x” of 802.1x Configuration.

# Configure a domain.

system-view

[Sysname] domain system

[Sysname-isp-system] quit

# Configure a RADIUS scheme.

[Sysname] radius scheme cams

[Sysname-radius-cams] primary authentication 10.110.91.164 1812

[Sysname-radius-cams] accounting optional