beautypg.com

H3C Technologies H3C S3100 Series Switches User Manual

Page 482

background image

1-5

Configure IP address pool 3, including the address range, lease and gateway address. A short lease is

recommended to shorten the time terminals use to re-acquire IP addresses after failing authentication

or being logged off.

[Switch] dhcp server ip-pool 3

[Switch-dhcp-pool-3] network 3.3.3.0 mask 255.255.255.0

[Switch-dhcp-pool-3] expired day 0 hour 0 minute 0 second 30

[Switch-dhcp-pool-3] gateway-list 3.3.3.1

[Switch-dhcp-pool-3] quit

2) Configure a RADIUS scheme

# Create a RADIUS scheme named rs1.

[Switch] radius scheme rs1

# Specify the server type for the RADIUS scheme, which must be extended when the CAMS server is

used.

[Switch-radius-rs1] server-type extended

# Specify the primary authentication and accounting servers and keys.

[Switch-radius-rs1] primary authentication 1.1.1.2

[Switch-radius-rs1] primary accounting 1.1.1.2

[Switch-radius-rs1] key authentication radius

[Switch-radius-rs1] key accounting radius

# Specify usernames sent to the RADIUS server to carry no domain names.

[Switch-radius-rs1] user-name-format without-domain

[Switch-radius-rs1] quit

3) Configure an ISP domain

# Create an ISP domain named triple.

[Switch] domain triple

# Configure the default AAA methods for all types of users in the domain.

[Switch-isp-triple] authentication radius-scheme rs1

[Switch-isp-triple] accounting radius-scheme rs1

[Switch-isp-triple] quit

# Configure domain triple as the default domain. If a username input by a user includes no ISP domain

name, the authentication scheme of the default domain is used.

[Switch] domain default enable triple

4) Configure MAC-VLAN function.

Configure the link type to hybrid of Ethernet 1/01/ and enable MAC-VLAN on this port.

[Switch] interface ethernet1/0/1

[Switch-Ethernet1/0/1] port link-type hybrid

[Switch-Ethernet1/0/1] mac-vlan enable

5) Configure MAC authentication

# Enable MAC authentication globally.

[Switch] mac-authentication

# Specify the ISP domain for MAC authentication.

[Switch] mac-authentication domain aabbcc.net

See also other documents in the category H3C Technologies Routers: