H3C Technologies H3C S10500 Series Switches User Manual

Page 309

Advertising
background image

294

[SwitchA-GigabitEthernet1/0/1] dot1x

[SwitchA-GigabitEthernet1/0/1] quit

[SwitchA] interface gigabitethernet 1/0/2

[SwitchA-GigabitEthernet1/0/2] dot1x

[SwitchA-GigabitEthernet1/0/2] quit

3.

Configure Switch B

# Globally enable MLD snooping.

<SwitchB> system-view

[SwitchB] mld-snooping

[SwitchB-mld-snooping] quit

# Create VLAN 104, assign GigabitEthernet 1/0/1 through GigabitEthernet 1/0/3 to this VLAN, and
enable MLD snooping in this VLAN.

[SwitchB] vlan 104

[SwitchB-vlan104] port gigabitethernet 1/0/1 to gigabitethernet 1/0/3

[SwitchB-vlan104] mld-snooping enable

[SwitchB-vlan104] quit

# Create a user profile profile2 and configure the user profile so that users can join or leave only one IPv6
multicast group, FF1E::101. Then, enable the user profile.

[SwitchB] acl ipv6 number 2001

[SwitchB-acl6-basic-2001] rule permit source ff1e::101 128

[SwitchB-acl6-basic-2001] quit

[SwitchB] user-profile profile2

[SwitchB-user-profile-profile2] mld-snooping access-policy 2001

[SwitchB-user-profile-profile2] quit

[SwitchB] user-profile profile2 enable

# Create a RADIUS scheme scheme2; set the service type for the RADIUS server to extended; specify the
IP addresses of the primary authentication/authorization server and accounting server as 3::1; set the

shared keys to 321123; specify that a username sent to the RADIUS server carry no domain name.

[SwitchB] radius scheme scheme2

[SwitchB-radius-scheme2] server-type extended

[SwitchB-radius-scheme2] primary authentication 3::1

[SwitchB-radius-scheme2] key authentication 321123

[SwitchB-radius-scheme2] primary accounting 3::1

[SwitchB-radius-scheme2] key accounting 321123

[SwitchB-radius-scheme2] user-name-format without-domain

[SwitchB-radius-scheme2] quit

# Create an ISP domain domain2; reference scheme2 for the authentication, authorization, and
accounting for LAN users; specify domain2 as the default ISP domain.

[SwitchB] domain domain2

[SwitchB-isp-domian2] authentication lan-access radius-scheme scheme2

[SwitchB-isp-domian2] authorization lan-access radius-scheme scheme2

[SwitchB-isp-domian2] accounting lan-access radius-scheme scheme2

[SwitchB-isp-domian2] quit

[SwitchB] domain default enable domain2

# Globally enable 802.1X and then enable it on GigabitEthernet 1/0/2 and GigabitEthernet 1/0/3

respectively.

Advertising
This manual is related to the following products:

H3C S6800 Series Switches, H3C S6300 Series Switches, H3C S5800 Series Switches, H3C S5820X Series Switches, H3C S5820V2 Series Switches, H3C S5830 Series Switches, H3C S5830V2 Series Switches, H3C S3600V2 Series Switches, H3C WX3000E Series Wireless Switches

Popular Brands
Popular manuals