another packet to the RADIUS servers again if it sends a packet to the RADIUS server
and does not receive a response within 5 seconds, with a maximum of 5 retries. The
switch sends a real-time accounting packet to the RADIUS servers once every 15
minutes. A user name is sent to the RADIUS servers with the domain name
truncated.
• The user name and password for local 802.1x authentication are “localuser” and
“localpass” (in plain text), respectively. The idle disconnecting function is enabled.
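The following Python script is an added example, not part of the original manual: it audits a saved configuration against the RADIUS requirements listed above (5-second response timeout, 5 retries, real-time accounting every 15 minutes, user name sent without the domain) and lists local users whose password is stored in plain text. The sample configuration is constructed, and the command spellings in it (timer, retry, timer realtime-accounting, user-name-format without-domain, password simple) are assumed Comware-style forms that may differ between software versions.

```python
import re

# Constructed sample of a saved configuration (not taken from the manual).
# Command spellings are assumed Comware-style and may differ by software version.
SAMPLE_CONFIG = """\
radius scheme radius1
 primary authentication 10.11.1.1
 timer 5
 retry 5
 timer realtime-accounting 15
 user-name-format without-domain
local-user localuser
 password simple localpass
 service-type lan-access
"""

# Requirement name -> regex that must match a line inside the RADIUS scheme block.
REQUIRED = {
    "response timeout 5 s": r"^timer (response-timeout )?5$",
    "max 5 retries": r"^retry 5$",
    "real-time accounting every 15 min": r"^timer realtime-accounting 15$",
    "domain stripped from user name": r"^user-name-format without-domain$",
}

def split_blocks(config):
    """Group indented lines under the unindented header line that precedes them."""
    blocks, header = {}, None
    for line in config.splitlines():
        if not line.strip():
            continue
        if line[0] != " ":
            header = line.strip()
            blocks[header] = []
        elif header is not None:
            blocks[header].append(line.strip())
    return blocks

def audit(config, scheme="radius1"):
    """Return (missing requirements, local users with a plain-text password)."""
    blocks = split_blocks(config)
    body = blocks.get(f"radius scheme {scheme}", [])
    missing = [name for name, pat in REQUIRED.items()
               if not any(re.match(pat, l) for l in body)]
    plaintext = [h.split()[1] for h, lines in blocks.items()
                 if h.startswith("local-user ")
                 and any(l.startswith("password simple ") for l in lines)]
    return missing, plaintext

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```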
Network diagram
Figure 1-12 Network diagram for AAA configuration with 802.1x and RADIUS enabled
Configuration procedure
The following configuration covers the major AAA/RADIUS configuration commands. Refer to
AAA Operation for information about these commands. Configuration on the client and
the RADIUS servers is omitted.
# Enable 802.1x globally.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] dot1x
# Enable 802.1x on GigabitEthernet 1/0/1.
[Sysname] dot1x interface GigabitEthernet 1/0/1
# Set the access control method to MAC-based (This operation can be omitted, as
MAC-based is the default).
[Sysname] dot1x port-method macbased interface GigabitEthernet 1/0/1
# Create a RADIUS scheme named “radius1” and enter RADIUS scheme view.
[Sysname] radius scheme radius1
# Assign IP addresses to the primary authentication and accounting RADIUS servers.
[Sysname-radius-radius1] primary authentication 10.11.1.1