Configuring the userLoginWithOUI mode
Network requirements
As shown in Figure 89, a client is connected to the Device through port Ethernet 1/0/1. The Device
authenticates the client with a RADIUS server. If the authentication succeeds, the client is authorized to
access the Internet.
• The RADIUS server at 192.168.1.2 functions as the primary authentication server and the secondary
accounting server, and the RADIUS server at 192.168.1.3 functions as the secondary authentication
server and the primary accounting server. The shared key for authentication is name, and that for
accounting is money.
• All users use the default authentication, authorization, and accounting methods of ISP domain sun,
which can accommodate up to 30 users.
• The RADIUS server response timeout is five seconds and the maximum number of RADIUS
packet retransmission attempts is five. The Device sends real-time accounting packets to the RADIUS
server at an interval of 15 minutes, and sends usernames without domain names to the RADIUS
server.
Configure port Ethernet 1/0/1 of the Device to:
• Allow only one 802.1X user to be authenticated.
• Allow up to 16 OUI values to be configured and allow one terminal that uses any of the OUI values
to access the port in addition to an 802.1X user.
Figure 89 Network diagram
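The port requirements above, restated as a small admission model. This is an added example, not code from this guide or from the Device; the class and function names, the way a passed 802.1X result is signalled (dot1x_ok), and all MAC and OUI values are assumptions constructed for illustration.

```python
# Added illustration (not device code): a simplified model of the port rules above.
import re

MAX_OUIS = 16  # at most 16 OUI values may be configured


def _hex(mac):
    """Strip separators (':', '-', '.') and lowercase; require 48 bits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits


def oui_of(mac):
    """Return the OUI (first 24 bits) as six hex digits."""
    return _hex(mac)[:6]


class Port:
    def __init__(self, oui_values):
        # Assumption: each OUI value is entered as a full MAC; only its OUI is kept.
        self.ouis = {oui_of(v) for v in oui_values}
        if len(self.ouis) > MAX_OUIS:
            raise ValueError("more than 16 OUI values configured")
        self.dot1x_user = None    # the one 802.1X-authenticated MAC
        self.oui_terminal = None  # the one terminal admitted by OUI match

    def admit(self, mac, dot1x_ok=False):
        """Return 'dot1x', 'oui' or 'deny' for a source MAC.

        dot1x_ok=True means the terminal ran 802.1X and RADIUS accepted it.
        """
        mac = _hex(mac)
        if dot1x_ok:
            if self.dot1x_user in (None, mac):
                self.dot1x_user = mac
                return "dot1x"
            return "deny"  # the single 802.1X slot is already taken
        if oui_of(mac) in self.ouis and self.oui_terminal in (None, mac):
            self.oui_terminal = mac
            return "oui"
        return "deny"  # unknown OUI, or the OUI slot is already taken


# Constructed sample values, for illustration only.
port = Port(["1234-0100-1111", "1234-0200-1111"])
```

The OUI path involves no credentials: the only property checked is the first 24 bits of the source MAC address, so the OUI list should be kept as short as the deployment allows.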
Configuration procedure
NOTE:
• The following configuration steps cover some AAA/RADIUS configuration commands. For more
information about the commands, see Security Command Reference.
• Configurations on the host and RADIUS servers are not shown.
1. Configure the RADIUS protocol.
# Configure a RADIUS scheme named radsun.
<Device> system-view
[Device] radius scheme radsun
[Device-radius-radsun] primary authentication 192.168.1.2
[Device-radius-radsun] primary accounting 192.168.1.3
[Device-radius-radsun] secondary authentication 192.168.1.3