Operation Manual – AAA & RADIUS & HWTACACS & EAD
Quidway S3900 Series Ethernet Switches-Release 1510 Chapter 2 EAD Configuration
Huawei Technologies Proprietary
2-3
z A user is connected to Ethernet1/0/1 of the switch
z The user adopts 802.1X client supporting H3C extended function
z By configuring the switch, user remote authentication is implemented through
RADIUS server and EAD control is achieved through security policy server.
The following are the configuration tasks:
z Connect the authentication server (RADIUS server) and the switch. The IP
address of the server is 10.110.91.164, and the switch adopts the port with port
number 1812 to communicate with the authentication server.
z Configure the authentication server type to huawei.
z Configure the encryption password for exchanging messages between the switch
and RADIUS server to “expert”.
z Configure the IP address of the security policy server to 10.110.91.166.
II. Network diagram
Ethernet 1/0/1
Security policy server
(IP Address:10.110.91.166 )
Virus patch server
(IP Address:10.110.91.168 )
Authentication server
(IP Address 10.110.91.164 )
Internet
Internet
User
Ethernet 1/0/1
Security policy server
(IP Address:10.110.91.166 )
Virus patch server
(IP Address:10.110.91.168 )
Authentication server
(IP Address 10.110.91.164 )
Internet
Internet
User
Ethernet 1/0/1
Security policy server
(IP Address:10.110.91.166 )
Virus patch server
(IP Address:10.110.91.168 )
Authentication server
(IP Address 10.110.91.164 )
Internet
Internet
Virus patch server
(IP Address:10.110.91.168 )
Authentication server
(IP Address 10.110.91.164 )
Internet
Internet
User
Figure 2-2 EAD configuration example
III. Configuration procedure
# Configure 802.1X on the switch. Refer to the 802.1X module in Quidway S3900
Series Ethernet Switches Operation Manual for detailed description.
# Configure domain.
<Quidway> system-view
[Quidway] domain system
[Quidway-isp-system] quit
# Configure RADIUS scheme.
To Next Page
Loading...
Need help?
General