Operation Manual - Security
Quidway S3500 Series Ethernet Switches Chapter 1 802.1x Configuration
Huawei Technologies Proprietary
1-15
The user name of the local 802.1x access user is localuser and the password is
localpass (input in plain text). The idle cut function is enabled.
II. Networking diagram
Supplicant
Authentication Servers
(RADIUS Server Cluster
IP Address: 10.11.1.1
10.11.1.2)
Internet
Authenticator
Switch
Supplicant
Authentication Servers
(RADIUS Server Cluster
IP Address: 10.11.1.1
10.11.1.2)
Internet
Authenticator
Switch
Supplicant
Authentication Servers
(RADIUS Server Cluster
IP Address: 10.11.1.1
10.11.1.2)
Internet
Authenticator
Switch
E0/1
Supplicant
Authentication Servers
(RADIUS Server Cluster
IP Address: 10.11.1.1
10.11.1.2)
Internet
Authenticator
Switch
Supplicant
Authentication Servers
(RADIUS Server Cluster
IP Address: 10.11.1.1
10.11.1.2)
Internet
Authenticator
Switch
Figure 1-2 Enabling 802.1x and RADIUS to perform AAA on the supplicant
III. Configuration procedure
Note:
The following examples concern most of the AAA/RADIUS configuration commands.
For details, refer to the chapter AAA and RADIUS Protocol Configuration.
The configurations of accessing user workstation and the RADIUS server are omitted.
# Enable the 802.1x performance on the specified port Ethernet 0/1.
[Quidway] dot1x interface Ethernet 0/1
# Set the access control mode. (This command could not be configured, when it is
configured as MAC-based by default.)
[Quidway] dot1x port-method macbased interface Ethernet 0/1
# Create the RADIUS scheme radius1 and enters its view.
[Quidway] radius scheme radius1
#Set IP address of the primary authentication/accounting RADIUS servers.
[Quidway-radius-radius1] primary authentication 10.11.1.1
[Quidway-radius-radius1] primary accounting 10.11.1.2
# Set the IP address of the second authentication/accounting RADIUS servers.
[Quidway-radius-radius1] secondary authentication 127.0.0.1 1645
[Quidway-radius-radius1] secondary accounting 10.11.1.1
To Next Page
Loading...
