Configuration Guide 802.1x Configuration
Networking Requirements
To ensure the validity of network access, the following requirements must be met:
It is required that access users on each port must be subject to 1X authentication in order to control Internet access
(unauthenticated users won't be able to access network);
Only our client software (supplicant) can be used as the client for 802.1x authentication;
Accounting shall be based on online time, and accounting update packets will be periodically sent to Radius Server
(real-time accounting packets will be sent to RADIUS server every 15 minutes);
After sending the authentication request to RADIUS server, the device will resend the request if no reply is received
within 5 seconds, and will try for totally 6 times;
Online monitoring of users to prevent authenticated user from being preempted by other users and to detect whether
the user is disconnected;
To protect server from hostile attacks, the access user can only initialize re-authentication after 500 seconds if it fails
in authentication. Meanwhile, after trying for over 5 times, this user will be considered as disconnected and the
authentication process will end.
Configuration Tips
Turn on AAA switch and configure the communication between device and RADIUS SERVER; configure 802.1X
authentication and configure the device port for client access as controlled port (here we take port F0/1 as the
example); (corresponding to paragraph 1 of "Application Needs")
Filter non-Ruijie supplicant (corresponding to paragraph 2 of "Networking requirements")
Configure 802.1x accounting and accounting update, and configure the interval of accounting update packets
(corresponding to paragraph 3 of " Networking requirements ")
Configure the reply timeout timer of Radius Server as 5s, and configure the maximum authentication retries as 6
times (corresponding to paragraph 4 of " Networking requirements ")
Configure periodic re-authentication of device (corresponding to paragraph 5 of " Networking requirements ")
Configure the Quiet Period for failed authentication as 500s (waiting time) and configure the maximum authentication
retries as 5 times (corresponding to paragraph 6 of " Networking requirements ")
Configuration Steps
Step 1: Configure relevant attributes of Radius Server
7) Login SAM Security Accounting Management System and click "System Management - Device Management" to
insert information about NAS device. The required configurations include: "Device IP" - 192.168.217.81, "Device
To Next Page
Loading...
