Operation Manual – 802.1x
Quidway S5600 Series Ethernet Switches-Release 1510 Chapter 1
802.1x Configuration
Huawei Technologies Proprietary
1-19
You can clear 802.1x-related statistics information by executing the reset command in
user view.
Table 1-7 Display and debug 802.1x
Operation Command Description
Display the configuration,
session, and statistics
information about 802.1x
display dot1x [ sessions
| statistics ] [ interface
interface-list ]
You can execute the
display command in any
view
Clear 802.1x-related
statistics information
reset dot1x statistics
[ interface interface-list ]
You can execute the
reset command in user
view
1.7 Configuration Example
1.7.1 802.1x Configuration Example
I. Network requirements
z Authenticate users on all ports to control their accesses to the Internet. The switch
operates in MAC address-based access control mode. The access control mode
is MAC-address-based.
z All supplicant systems that pass the authentication belong to the default domain
named “aabbcc.net”. The domain can accommodate up to 30 users. As for
authentication, a supplicant system is authenticated locally if the RADIUS server
fails. And as for accounting, a supplicant system is disconnected by force if the
RADIUS server fails. The name of an authenticated supplicant system is not
suffixed with the domain name. A connection is terminated if the total size of the
data passes through it during a period of 20 minutes is less than 2,000 bytes. All
connected clients belong to the same default domain: aabbcc.net, which
accommodates up to 30 clients. Authentication is performed either on the RADIUS
server, or locally ( in case that the RADIUS server fails to respond). A client is
disconnected in one of the following two situations: RADIUS accounting fails; the
connected user has not included the domain name in the username, and there is a
continuous below 2000 bytes of traffic for over 20 minutes.
z The switch is connected to a server comprising of two RADIUS servers whose IP
addresses are 10.11.1.1 and 10.11.1.2. The RADIUS server with an IP address of
10.11.1.1 operates as the primary authentication server and the secondary
accounting server. The other operates as the secondary authentication server and
primary accounting server. The password for the switch and the authentication
RADIUS servers to exchange message is “name”. And the password for the switch
and the accounting RADIUS servers to exchange message is “money”. The switch
sends another packet to the RADIUS servers again if it sends a packet to the
RADIUS server and does not receive response for 5 seconds with a maximum
To Next Page
Loading...
