H3C Technologies H3C S10500 Series Switches User Manual

Page 66

Advertising
background image

51

[SwitchA-Vlan-interface104] pim dm

[SwitchA-Vlan-interface104] igmp enable

[SwitchA-Vlan-interface104] quit

# Create QoS policy policy1 to block multicast flows from Source 2 to 224.1.1.1.

[SwitchA] acl number 3001

[SwitchA-acl-adv-3001] rule permit udp source 2.1.1.1 0 destination 224.1.1.1 0

[SwitchA-acl-adv-3001] quit [SwitchA] traffic classifier classifier1

[SwitchA-classifier-classifier1] if-match acl 3001

[SwitchA-classifier-classifier1] quit

[SwitchA] traffic behavior behavior1

[SwitchA-behavior-behavior1] filter deny

[SwitchA-behavior-behavior1] quit

[SwitchA] qos policy policy1

[SwitchA-qospolicy-policy1] classifier classifier1 behavior behavior1

[SwitchA-qospolicy-policy1] quit

# Create user profile profile1, apply QoS policy policy1 to the inbound direction in user profile view, and
enable the user profile.

[SwitchA] user-profile profile1

[SwitchA-user-profile-profile1] qos apply policy policy1 inbound

[SwitchA-user-profile-profile1] quit

[SwitchA] user-profile profile1 enable

# Create RADIUS scheme scheme1; set the service type for the RADIUS server to extended; specify the

IP addresses of the primary authentication/authorization server and accounting server as 3.1.1.1; set the
shared keys to 123321; specify that no domain name is carried in a username sent to the RADIUS server.

[SwitchA] radius scheme scheme1

[SwitchA-radius-scheme1] server-type extended

[SwitchA-radius-scheme1] primary authentication 3.1.1.1

[SwitchA-radius-scheme1] key authentication 123321

[SwitchA-radius-scheme1] primary accounting 3.1.1.1

[SwitchA-radius-scheme1] key accounting 123321

[SwitchA-radius-scheme1] user-name-format without-domain

[SwitchA-radius-scheme1] quit

# Create ISP domain domain1; reference scheme1 for the authentication, authorization, and accounting
of LAN users; specify domain1 as the default ISP domain.

[SwitchA] domain domain1

[SwitchA-isp-domian1] authentication lan-access radius-scheme scheme1

[SwitchA-isp-domian1] authorization lan-access radius-scheme scheme1

[SwitchA-isp-domian1] accounting lan-access radius-scheme scheme1

[SwitchA-isp-domian1] quit

[SwitchA] domain default enable domain1

# Globally enable 802.1X and then enable it on GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2
respectively.

[SwitchA] dot1x

[SwitchA] interface gigabitethernet 1/0/1

[SwitchA-GigabitEthernet1/0/1] dot1x

[SwitchA-GigabitEthernet1/0/1] quit

[SwitchA] interface gigabitethernet 1/0/2

Advertising
This manual is related to the following products:

H3C S6800 Series Switches, H3C S6300 Series Switches, H3C S5800 Series Switches, H3C S5820X Series Switches, H3C S5820V2 Series Switches, H3C S5830 Series Switches, H3C S5830V2 Series Switches, H3C S3600V2 Series Switches, H3C WX3000E Series Wireless Switches

Popular Brands
Popular manuals