230 CHAPTER 17: 802.1X CONFIGURATION
Network diagram
Figure 76 Network diagram for AAA configuration with 802.1x and RADIUS enabled
Configuration procedure
n
Following configuration covers the major AAA/RADIUS configuration commands.
Refer to
“AAA Configuration” on page 245 for the information about these
commands. Configuration on the client and the RADIUS servers is omitted.
# Enable 802.1x globally.
<4210> system-view
System View: return to User View with Ctrl+Z.
[4210] dot1x
# Enable 802.1x on Ethernet 1/0/1 port.
[4210] dot1x interface Ethernet 1/0/1
# Set the access control method to be MAC-address-based (This operation can be
omitted, as MAC-address-based is the default).
[4210] dot1x port-method macbased interface Ethernet 1/0/1
# Create a RADIUS scheme named "radius1" and enter RADIUS scheme view.
[4210] radius scheme radius1
# Assign IP addresses to the primary authentication and accounting RADIUS
servers.
[4210-radius-radius1] primary authentication 10.11.1.1
[4210-radius-radius1] primary accounting 10.11.1.2
# Assign IP addresses to the secondary authentication and accounting RADIUS
server.
[4210-radius-radius1] secondary authentication 10.11.1.2
[4210-radius-radius1] secondary accounting 10.11.1.1
# Set the password for the switch and the authentication RADIUS servers to
exchange messages.
IP network
Supplicant
Authenticator
Ethernet 1/0/1
Authentication Servers
(IP Address:
10.11.1.1
10.11.1.2)
Switch
To Next Page
Loading...
