Operation Manual – 802.1x-System Guard
H3C S3100 Series Ethernet Switches Chapter 1 802.1x Configuration
1-23
1.6 Configuration Example
1.6.1 802.1x Configuration Example
I. Network requirements
z Authenticate users on all ports to control their accesses to the Internet. The switch
operates in MAC address-based access control mode.
z All supplicant systems that pass the authentication belong to the default domain
named “aabbcc.net”. The domain can accommodate up to 30 users. As for
authentication, a supplicant system is authenticated locally if the RADIUS server
fails. And as for accounting, a supplicant system is disconnected by force if the
RADIUS server fails. The name of an authenticated supplicant system is not
suffixed with the domain name. A connection is terminated if the total size of the
data passes through it during a period of 20 minutes is less than 2,000 bytes.
z The switch is connected to a server comprising of two RADIUS servers whose IP
addresses are 10.11.1.1 and 10.11.1.2. The RADIUS server with an IP address of
10.11.1.1 operates as the primary authentication server and the secondary
accounting server. The other operates as the secondary authentication server and
primary accounting server. The password for the switch and the authentication
RADIUS servers to exchange message is “name”. And the password for the
switch and the accounting RADIUS servers to exchange message is “money”. The
switch sends another packet to the RADIUS servers again if it sends a packet to
the RADIUS server and does not receive response for 5 seconds, with the
maximum number of retries of 5. And the switch sends a real-time accounting
packet to the RADIUS servers once in every 15 minutes. A user name is sent to
the RADIUS servers with the domain name truncated.
z The user name and password for local 802.1x authentication are “localuser” and
“localpass” (in plain text) respectively. The idle disconnecting function is enabled.
II. Network diagram
IP network
Supplicant
Authenticator
Ethernet 1/0/1
Authentication Servers
(IP Address:
10.11.1.1
10.11.1.2)
Switch
Figure 1-12 Network diagram for AAA configuration with 802.1x and RADIUS enabled
To Next Page
Loading...
Need help?
General