Radius configuration example, Network requirements – H3C Technologies H3C SecPath F1000-E User Manual
Item: EAD Offload Function
Description:
Enable or disable the EAP offload function.
Some RADIUS servers do not support EAP authentication, that is, they cannot
process EAP packets. For such servers, the access device must preprocess the
EAP packets sent from clients. This preprocessing is referred to as EAP
offload for RADIUS.
When an access device with the EAP offload function enabled receives an EAP
packet, it first uses the local EAP server to convert the authentication
information in the EAP packet into the corresponding RADIUS attributes, then
encapsulates the EAP packet into a RADIUS request and sends the request to
the RADIUS server for authentication. When the RADIUS server receives the
request, it analyzes the carried authentication information, encapsulates
the authentication result in a RADIUS packet, and sends the packet to the
local EAP server on the access device for subsequent interaction with the
client.
IMPORTANT:
Because EAP packet preprocessing is implemented through the local EAP
authentication server, you must configure the local EAP authentication
server on the access device and specify PEAP-MSCHAPv2 as the EAP
authentication method.
Table 6 Relationship between the real-time accounting interval and the number of users

Number of users    Real-time accounting interval (in minutes)
1 to 99            3
100 to 499         6
500 to 999         12
≥1000              ≥15

RADIUS Configuration Example
Network requirements
• As shown in , connect the Telnet user to the device and the device to the RADIUS server.
• Run the CAMS/iMC Server on the RADIUS server to provide authentication, authorization, and
accounting services for Telnet users. The IP address of the RADIUS server is 10.1.1.1/24.
• Set the shared keys for authentication, authorization, and accounting packets exchanged between
the device and the RADIUS server to expert, and specify ports 1812 and 1813 for
authentication/authorization and accounting respectively.
• Specify that a username sent to the RADIUS server carries the domain name.
• Add an account on the RADIUS server with the username hello@bbb and the password abc, and
authorize Telnet users who log in with this account at privilege level 3.
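
What the shared key in these requirements does on the wire, as an added example that is not part of the H3C manual: it builds the Access-Request a device would send for hello@bbb following RFC 2865 and checks a reply's Response Authenticator. The function names are hypothetical, and the packet identifier and Request Authenticator used with them are constructed values.

```python
import hashlib
import hmac
import struct

SECRET = b"expert"  # shared key from the network requirements above

def _md5(*parts: bytes) -> bytes:
    return hashlib.md5(b"".join(parts)).digest()

def hide_password(password: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)."""
    size = max(16, -(-len(password) // 16) * 16)   # pad with NULs to a 16-byte multiple
    padded, out, prev = password.ljust(size, b"\x00"), b"", req_auth
    for i in range(0, size, 16):
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], _md5(secret, prev)))
        out += prev
    return out

def unhide_password(hidden: bytes, secret: bytes, req_auth: bytes) -> bytes:
    """Server side: reverse hide_password; a wrong secret yields garbage."""
    out, prev = b"", req_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, _md5(secret, prev)))
        prev = block
    return out.rstrip(b"\x00")

def _attr(attr_type: int, value: bytes) -> bytes:
    return struct.pack("!BB", attr_type, len(value) + 2) + value

def access_request(ident: int, req_auth: bytes, user: bytes, password: bytes,
                   secret: bytes = SECRET) -> bytes:
    """Access-Request (code 1) with User-Name (1) and User-Password (2)."""
    attrs = _attr(1, user) + _attr(2, hide_password(password, secret, req_auth))
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def sign_reply(code: int, ident: int, req_auth: bytes, attrs: bytes = b"",
               secret: bytes = SECRET) -> bytes:
    """Server side: Response Authenticator = MD5(header + RequestAuth + attrs + secret)."""
    head = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return head + _md5(head, req_auth, attrs, secret) + attrs

def reply_is_authentic(reply: bytes, req_auth: bytes, secret: bytes = SECRET) -> bool:
    """Device side: reject replies not computed with the shared key."""
    if len(reply) < 20 or struct.unpack("!H", reply[2:4])[0] != len(reply):
        return False
    return hmac.compare_digest(_md5(reply[:4], req_auth, reply[20:], secret), reply[4:20])
```

The username, including the domain part, is sent in clear; only User-Password is hidden, and both the hiding and the reply check rest entirely on the shared key.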