H3C Technologies H3C WX3000E Series Wireless Switches User Manual
# Create an EAP profile, and specify the authentication method peap-mschapv2.
[AC] eap-profile default-profile
[AC-eap-prof-default-profile] ssl-server-policy 1
[AC-eap-prof-default-profile] method peap-mschapv2
[AC-eap-prof-default-profile] quit
# Specify the EAP profile for the local authentication server to use.
[AC] local-server authentication eap-profile default-profile
6. Configure user accounts for the 802.1X users on the AC:
# Add a local user with the username localuser, and password localpass in plain text. (Make sure the username and password are the same as those configured on the RADIUS server.)
[AC] local-user localuser
[AC-luser-localuser] service-type lan-access
[AC-luser-localuser] password simple localpass
# Configure the idle cut function to log off any online user that has been idle for 20 minutes.
[AC-luser-localuser] authorization-attribute idle-cut 20
[AC-luser-localuser] quit
7. Configure a RADIUS scheme:
# Create the RADIUS scheme radius1 and enter its view.
[AC] radius scheme radius1
# Specify the IP addresses of the primary authentication and accounting RADIUS servers.
[AC-radius-radius1] primary authentication 10.1.1.1
[AC-radius-radius1] primary accounting 10.1.1.1
# Configure the IP addresses of the secondary authentication and accounting RADIUS servers.
[AC-radius-radius1] secondary authentication 10.1.1.2
[AC-radius-radius1] secondary accounting 10.1.1.2
# Specify the shared key between the AC and the authentication server.
[AC-radius-radius1] key authentication name
# Specify the shared key between the AC and the accounting server.
[AC-radius-radius1] key accounting name
# Set the interval for the AC to retransmit packets to the RADIUS server and the maximum number of transmission attempts.
[AC-radius-radius1] timer response-timeout 5
[AC-radius-radius1] retry 5
# Set the interval for the AC to send real-time accounting packets to the RADIUS server.
[AC-radius-radius1] timer realtime-accounting 15
# Exclude the ISP domain name from the username sent to the RADIUS servers.
[AC-radius-radius1] user-name-format without-domain
[AC-radius-radius1] quit
NOTE:
The AC must use the same username format as the RADIUS server. If the RADIUS server includes the ISP
domain name in the username, so must the AC.
8. Configure the ISP domain:
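An added audit sketch (not from the H3C manual) that scans a transcript of the step 6 and step 7 commands for the settings a reviewer would question: a local password entered with password simple, short RADIUS shared keys, and the username format that the NOTE says must match the server. The function name audit and the 16-character minimum key length are assumptions, and the sample transcript is constructed from the commands on this page.

```python
import re

# Constructed sample: commands copied from steps 6 and 7 of this page.
SAMPLE = """\
[AC] local-user localuser
[AC-luser-localuser] service-type lan-access
[AC-luser-localuser] password simple localpass
[AC-luser-localuser] authorization-attribute idle-cut 20
[AC] radius scheme radius1
[AC-radius-radius1] primary authentication 10.1.1.1
[AC-radius-radius1] key authentication name
[AC-radius-radius1] key accounting name
[AC-radius-radius1] user-name-format without-domain
"""

# "[view] command" as it appears in the manual's transcripts.
PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s+(?P<cmd>.+)$")
MIN_KEY_LEN = 16  # assumed site policy, not a value from the manual


def audit(transcript):
    """Return (view, finding) tuples for a transcript of [view] command lines."""
    findings = []
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # comment lines, notes, blank lines
        view, words = m["view"], m["cmd"].split()
        in_radius = "-radius-" in view
        if "-luser-" in view and words[:2] == ["password", "simple"]:
            # The page states this form takes the password in plain text.
            findings.append((view, "local password entered in plain text"))
        elif in_radius and words[0] == "key" and len(words) == 3:
            kind, key = words[1], words[2]
            if len(key) < MIN_KEY_LEN:
                findings.append(
                    (view, f"{kind} shared key shorter than {MIN_KEY_LEN} characters"))
        elif in_radius and words[0] == "user-name-format" and len(words) == 2:
            # Per the NOTE: AC and RADIUS server must agree on the format.
            findings.append(
                (view, f"username format '{words[1]}' must match the RADIUS server"))
    return findings


if __name__ == "__main__":
    for view, finding in audit(SAMPLE):
        print(f"{view}: {finding}")
```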