Displaying and maintaining 802.1x, 1x configuration example, Network requirements – H3C Technologies H3C S5120 Series Switches User Manual


| To do… | Use the command… | Remarks |
|---|---|---|
| Enter Ethernet interface view | interface interface-type interface-number | |
| Configure the Auth-Fail VLAN for the port | dot1x auth-fail vlan authfail-vlan-id | Required. By default, a port is configured with no Auth-Fail VLAN. |

Different ports can be configured with different Auth-Fail VLANs, but a port can be configured with only one Auth-Fail VLAN.

Displaying and Maintaining 802.1X

| To do… | Use the command… | Remarks |
|---|---|---|
| Display 802.1X session information, statistics, or configuration information of specified or all ports | display dot1x [ sessions \| statistics ] [ interface interface-list ] | Available in any view |
| Clear 802.1X statistics | reset dot1x statistics [ interface interface-list ] | Available in user view |

802.1X Configuration Example

Network requirements

- The MAC-based access control method (macbased) is required on port GigabitEthernet1/0/1 to control clients.

- All clients belong to the default domain aabbcc.net, which can accommodate up to 30 users. RADIUS authentication is performed first, followed by local authentication when no response is received from the RADIUS server. If RADIUS accounting fails, the device logs users off.

- A server group with two RADIUS servers is connected to the switch. The IP addresses of the servers are 10.1.1.1 and 10.1.1.2. Use the former as the primary authentication/accounting server and the latter as the secondary authentication/accounting server.

- Set the shared key for the device to exchange packets with the authentication server to name, and the shared key for exchanging packets with the accounting server to money.

- Configure the device to try up to five times, at an interval of 5 seconds, to transmit a packet to the RADIUS server until it receives a response from the server, and to send real-time accounting packets to the accounting server every 15 minutes.

- Configure the device to remove the domain name from the username before passing the username to the RADIUS server.
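One way to map the requirements above onto switch commands, as an added example rather than the manual's own configuration procedure. It assumes Comware 5 command syntax for this switch family; the scheme name radius1, the local account localuser/localpass, and the Sysname prompt are hypothetical and do not appear on this page.

```text
# Assumed names (not from the page): RADIUS scheme radius1, local user localuser/localpass.
<Sysname> system-view
# Local account, used only when no RADIUS server responds.
[Sysname] local-user localuser
[Sysname-luser-localuser] service-type lan-access
[Sysname-luser-localuser] password cipher localpass
[Sysname-luser-localuser] quit
# RADIUS scheme: 10.1.1.1 is primary and 10.1.1.2 is secondary for both services.
[Sysname] radius scheme radius1
[Sysname-radius-radius1] primary authentication 10.1.1.1
[Sysname-radius-radius1] primary accounting 10.1.1.1
[Sysname-radius-radius1] secondary authentication 10.1.1.2
[Sysname-radius-radius1] secondary accounting 10.1.1.2
# Shared keys exactly as given in the requirements.
[Sysname-radius-radius1] key authentication name
[Sysname-radius-radius1] key accounting money
# 5-second response timeout, up to five attempts, real-time accounting every 15 minutes.
[Sysname-radius-radius1] timer response-timeout 5
[Sysname-radius-radius1] retry 5
[Sysname-radius-radius1] timer realtime-accounting 15
# Strip the domain name before the username is sent to the server.
[Sysname-radius-radius1] user-name-format without-domain
[Sysname-radius-radius1] quit
# Domain aabbcc.net: RADIUS first, then local; at most 30 users.
# "accounting optional" is left unconfigured, so a user whose accounting fails is logged off.
[Sysname] domain aabbcc.net
[Sysname-isp-aabbcc.net] authentication default radius-scheme radius1 local
[Sysname-isp-aabbcc.net] authorization default radius-scheme radius1 local
[Sysname-isp-aabbcc.net] accounting default radius-scheme radius1 local
[Sysname-isp-aabbcc.net] access-limit enable 30
[Sysname-isp-aabbcc.net] quit
# Make aabbcc.net the default domain.
[Sysname] domain default enable aabbcc.net
# Enable 802.1X globally and on the port, with MAC-based access control.
[Sysname] dot1x
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] dot1x
[Sysname-GigabitEthernet1/0/1] dot1x port-method macbased
[Sysname-GigabitEthernet1/0/1] quit
# Check the result with the display command from the table above.
[Sysname] display dot1x interface GigabitEthernet 1/0/1
```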
