3-2
z Configuring the IP address of the security policy server.
z Associating the ISP domain with the RADIUS scheme.
EAD is commonly used in RADIUS authentication environment.
This section mainly describes the configuration of security policy server IP address. For other related
configuration, refer to
AAA Overview.
Follow these steps to configure EAD:
To do… Use the command… Remarks
Enter system view
system-view
—
Enter RADIUS scheme
view
radius scheme
radius-scheme-name
—
Configure the RADIUS
server type to extended
server-type extended
Required
Configure the IP address of
a security policy server
security-policy-server
ip-address
Required
Each RADIUS scheme supports
up to eight IP addresses of
security policy servers.
EAD Configuration Example
Network requirements
In Figure 3-2:
z A user is connected to GigabitEthernet 1/0/1 on the switch.
z The user adopts 802.1x client supporting EAD extended function.
z You are required to configure the switch to use RADIUS server for remote user authentication and
use security policy server for EAD control on users.
The following are the configuration tasks:
z Connect the RADIUS authentication server 10.110.91.164 and the switch, and configure the switch
to use port number 1812 to communicate with the server.
z Configure the authentication server type to extended.
z Configure the encryption password for exchanging messages between the switch and RADIUS
server to expert.
z Configure the IP address 10.110.91.166 of the security policy server.
To Next Page
Loading...
