H3C Technologies H3C S3100 Series Switches User Manual
Page 616
2-5
[Sysname] radius scheme radius1
[Sysname-radius-radius1] primary authentication 10.11.1.1
[Sysname-radius-radius1] primary accounting 10.11.1.2
[Sysname-radius-radius1] secondary authentication 10.11.1.2
[Sysname-radius-radius1] secondary accounting 10.11.1.1
# Set the encryption passwords for the switch to exchange packets with the authentication RADIUS
servers and accounting RADIUS servers.
[Sysname-radius-radius1] key authentication money
[Sysname-radius-radius1] key accounting money
# Configure the switch to delete the user domain name from the user name and then send the user
name to the RADIUS sever.
[Sysname-radius-radius1] user-name-format without-domain
[Sysname-radius-radius1] quit
# Create the user domain test.net and specify radius1 as your RADIUS server group.
[Sysname] domain test.net
[Sysname-isp-test.net] radius-scheme radius1
[Sysname-isp-test.net] quit
# Create ACL 3000 to permit IP packets destined for any IP address.
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule 1 permit ip destination any
[Sysname-acl-adv-3000] quit
# Define a QoS profile named “example” to limit the rate of matched packets to 128 kbps and
configuring to drop the packets exceeding the target packet rate.
[Sysname] qos-profile example
[Sysname-qos-profile-example] traffic-limit inbound ip-group 3000 128 exceed drop
# Enable 802.1x.
[Sysname] dot1x
[Sysname] dot1x interface Ethernet1/0/1
After the configuration, the QoS profile named “example” will be applied to the user with user name
“someone” automatically after the user passes the authentication.