Advanced port security mode configuration example, Network requirements, Configuring a radius scheme named system – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 346
333
Advanced port security mode configuration
example
Network requirements
As shown in
, a client is connected to the switch through port GigabitEthernet 1/0/1. The
switch authenticates the client with a RADIUS server. If the authentication succeeds, the client is
authorized to access the Internet.
•
The RADIUS server at 192.168.1.2 functions as the primary authentication server and the secondary
accounting server, and the RADIUS server at 192.168.1.3 functions as the secondary authentication
server and the primary accounting server. The shared key for authentication is name, and that for
accounting is money.
•
All users use the default authentication, authorization, and accounting methods of ISP domain
system.
•
The switch sends user names without domain names to the RADIUS server.
Configure port GigabitEthernet 1/0/1 of the switch to:
•
Allow only one 802.1X user to be authenticated.
•
Allow up to three OUI values to be configured and allow one terminal that uses any of the OUI
values to access the port in addition to an 802.1X user.
Figure 324 Network diagram
NOTE:
Configurations on the host and RADIUS servers are omitted.
Configuring a RADIUS scheme named system
1.
Select Authentication > RADIUS.
2.
Configure a RADIUS authentication server:
a.
Select the server type Authentication Server.
b.
Type 192.168.1.2 as the primary server IP address.
c.
Type 1812 as the primary server UDP port.
d.
Select active for the primary server status.
e.
Click Apply.