Configuration procedure – H3C Technologies H3C S7500E Series Switches User Manual

5-26

z

Specify the device to remove the domain name from the username before passing the

username to the RADIUS server.

z

Set the username of the 802.1X user as localuser and the password as localpass and

specify to use clear text mode. Enable the idle cut function to log the user off whenever the

user remains idle for over 20 minutes.

Figure 5-9 Network diagram for 802.1X authentication configuration

Configuration procedure

The following configuration procedure covers most AAA/RADIUS configuration commands for

the device, while configuration on the 802.1X client and RADIUS server are omitted. For

information about AAA/RADIUS configuration commands, see AAA/RADIUS Configuration

Commands in the Security Command Reference.

# Configure the IP addresses for each interface. (Omitted)

# Add local access user localuser, enable the idle cut function, and set the idle cut interval.

<Device> system-view

[Device] local-user localuser

[Device-luser-localuser] service-type lan-access

[Device-luser-localuser] password simple localpass

[Device-luser-localuser] authorization-attribute idle-cut 20

[Device-luser-localuser] quit

# Create RADIUS scheme radius1 and enter its view.

[Device] radius scheme radius1

# Configure the IP addresses of the primary authentication and accounting RADIUS servers.

[Device-radius-radius1] primary authentication 10.1.1.1

[Device-radius-radius1] primary accounting 10.1.1.1

# Configure the IP addresses of the secondary authentication and accounting RADIUS servers.

[Device-radius-radius1] secondary authentication 10.1.1.2

[Device-radius-radius1] secondary accounting 10.1.1.2

# Specify the shared key for the device to exchange packets with the authentication server.