# Set the interval for the device to retransmit packets to the RADIUS server and the maximum number of transmission attempts.
[Device-radius-radius1] timer response-timeout 5
[Device-radius-radius1] retry 5
# Set the interval for the device to send real-time accounting packets to the RADIUS server.
[Device-radius-radius1] timer realtime-accounting 15
# Configure the device to remove the domain name from any username before passing the username to the RADIUS server.
[Device-radius-radius1] user-name-format without-domain
[Device-radius-radius1] quit
# Create domain aabbcc.net and enter its view.
[Device] domain aabbcc.net
# Set radius1 as the RADIUS scheme for users of the domain and specify local authentication as the secondary scheme.
[Device-isp-aabbcc.net] authentication default radius-scheme radius1 local
[Device-isp-aabbcc.net] authorization default radius-scheme radius1 local
[Device-isp-aabbcc.net] accounting default radius-scheme radius1 local
# Set the maximum number of users for the domain to 30.
[Device-isp-aabbcc.net] access-limit enable 30
# Enable the idle cut function and set the idle cut interval.
[Device-isp-aabbcc.net] idle-cut enable 20
[Device-isp-aabbcc.net] quit
# Configure aabbcc.net as the default domain.
[Device] domain default enable aabbcc.net
# Enable 802.1X globally.
[Device] dot1x
# Enable 802.1X for port GigabitEthernet 1/0/1.
[Device] interface GigabitEthernet 1/0/1
[Device-GigabitEthernet1/0/1] dot1x
[Device-GigabitEthernet1/0/1] quit
# Set the port access control method. (Optional. The default settings meet the requirement.)
[Device] dot1x port-method macbased interface GigabitEthernet 1/0/1
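
An offline check of the procedure above, as an added example that is not part of the original manual: it groups a prompt-prefixed transcript by view and reports missing 802.1X or AAA settings. The transcript is constructed from the commands shown above; `parse` and `audit` are hypothetical helper names, and the check assumes 802.1X takes effect on a port only when it is enabled both globally and on that port.

```python
import re

# Constructed sample: commands from the procedure above as a prompt-prefixed transcript.
TRANSCRIPT = """\
[Device] domain aabbcc.net
[Device-isp-aabbcc.net] authentication default radius-scheme radius1 local
[Device-isp-aabbcc.net] authorization default radius-scheme radius1 local
[Device-isp-aabbcc.net] accounting default radius-scheme radius1 local
[Device-isp-aabbcc.net] quit
[Device] domain default enable aabbcc.net
[Device] dot1x
[Device] interface GigabitEthernet 1/0/1
[Device-GigabitEthernet1/0/1] dot1x
[Device-GigabitEthernet1/0/1] quit
"""

PROMPT = re.compile(r"^\[(?P<view>[^\]]+)\]\s+(?P<cmd>.+)$")

def parse(transcript):
    """Group commands by the view shown in the prompt, e.g. 'Device-isp-aabbcc.net'."""
    views = {}
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if m and m["cmd"] != "quit":
            views.setdefault(m["view"], []).append(m["cmd"])
    return views

def audit(transcript, domain, port, host="Device"):
    """Return a list of findings; an empty list means every check passed."""
    views = parse(transcript)
    system = views.get(host, [])
    findings = []
    if "dot1x" not in system:
        findings.append("802.1X not enabled globally")
    if "dot1x" not in views.get(f"{host}-{port}", []):
        findings.append(f"802.1X not enabled on {port}")
    if f"domain default enable {domain}" not in system:
        findings.append(f"{domain} is not the default domain")
    isp = views.get(f"{host}-isp-{domain}", [])
    for method in ("authentication", "authorization", "accounting"):
        # Keep the scheme list after "<method> default"; the last statement wins.
        schemes = [c.split()[2:] for c in isp if c.startswith(f"{method} default ")]
        if not schemes:
            findings.append(f"{method}: no default scheme in {domain}")
        elif schemes[-1][:1] != ["radius-scheme"]:
            findings.append(f"{method}: primary scheme is not RADIUS")
        elif "local" not in schemes[-1]:
            findings.append(f"{method}: no local fallback")
    return findings
```
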
Guest VLAN and VLAN Assignment Configuration Example
Network requirements
As shown in Figure 2-11:
• A host is connected to port GigabitEthernet 1/0/2 of the device and must pass 802.1X authentication to access the Internet. GigabitEthernet 1/0/2 is in VLAN 1.
• The authentication server runs RADIUS and is in VLAN 2.
• The update server, which is in VLAN 10, is for client software download and upgrade.
• Port GigabitEthernet 1/0/3 of the device, which is in VLAN 5, is for accessing the Internet.