Configuration procedure – H3C Technologies H3C S5120 Series Switches User Manual

1-20

z

Set the username of the 802.1X user as localuser and the password as localpass and specify to

use clear text mode. Enable the idle cut function to log the user off whenever the user remains idle

for over 20 minutes.

Figure 1-10 Network diagram for 802.1X configuration

Configuration procedure

The following configuration procedure covers most AAA/RADIUS configuration commands for the

device, while configuration on the 802.1X client and RADIUS server are omitted. For information about

AAA/RADIUS configuration commands, refer to AAA Configuration.

# Configure the IP addresses for each interface. (Omitted)

# Add local access user localuser, enable the idle cut function, and set the idle cut interval.

<Switch> system-view

[Switch] local-user localuser

[Switch-luser-localuser] service-type lan-access

[Switch-luser-localuser] password simple localpass

[Switch-luser-localuser] authorization-attribute idle-cut 20

[Switch-luser-localuser] quit

# Create RADIUS scheme radius1 and enter its view.

[Switch] radius scheme radius1

# Configure the IP addresses of the primary authentication and accounting RADIUS servers.

[Switch-radius-radius1] primary authentication 10.1.1.1

[Switch-radius-radius1] primary accounting 10.1.1.1

# Configure the IP addresses of the secondary authentication and accounting RADIUS servers.

[Switch-radius-radius1] secondary authentication 10.1.1.2

[Switch-radius-radius1] secondary accounting 10.1.1.2

# Specify the shared key for the device to exchange packets with the authentication server.