Configuring 802.1x, H3c implementation of 802.1x – H3C Technologies H3C S12500-X Series Switches User Manual
Page 99
87
Figure 33 Network diagram
420B
Configuration procedure
1.
Make sure the RADIUS server and the access device can reach each other.
2.
Create a shared account for MAC authentication users on the RADIUS server, and set the
username aaa and password 123456 for the account.
3.
Configure RADIUS-based MAC authentication on the device:
# Configure a RADIUS scheme.
<Device> system-view
[Device] radius scheme 2000
[Device-radius-2000] primary authentication 10.1.1.1 1812
[Device-radius-2000] primary accounting 10.1.1.2 1813
[Device-radius-2000] key authentication simple abc
[Device-radius-2000] key accounting simple abc
[Device-radius-2000] user-name-format without-domain
[Device-radius-2000] quit
# Apply the RADIUS scheme to ISP domain 2000 for authentication, authorization, and
accounting.
[Device] domain 2000
[Device-isp-2000] authentication default radius-scheme 2000
[Device-isp-2000] authorization default radius-scheme 2000
[Device-isp-2000] accounting default radius-scheme 2000
[Device-isp-2000] quit
# Enable MAC authentication globally.
[Device] mac-authentication
# Enable MAC authentication on port Ten-GigabitEthernet 1/0/1.
[Device] interface ten-gigabitethernet 1/0/1
[Device-Ten-GigabitEthernet1/0/1] mac-authentication
[Device-Ten-GigabitEthernet1/0/1] quit
# Specify the MAC authentication domain as the ISP domain 2000.
[Device] mac-authentication domain 2000
# Set MAC authentication timers.
[Device] mac-authentication timer offline-detect 180
[Device] mac-authentication timer quiet 180
# Specify username aaa and password 123456 in plain text for the account shared by MAC
authentication users.