Configuration procedure – H3C Technologies H3C S5120 Series Switches User Manual
Page 439
1-33
z
Specify that a username sent to the RADIUS server carries the domain name. The username of the
user is dot1x@bbb.
z
After the host passes authentication, the authentication server assigns the host to VLAN 4.
z
The host registers a monthly service charging 120 dollars for up to 120 hours per month.
Figure 1-10 Configure AAA for 802.1X users by a RADIUS server
Configuration procedure
z
Configure the interfaces and VLANs as per
. Make sure that the host can get a new IP
address manually or automatically and can access resources in the authorized VLAN after passing
authentication.
z
This example assumes that the RADIUS server runs iMC PLAT 3.20-R2606, iMC UAM 3.60-E6206
and iMC CAMS 3.60-E6206.
1) Configure the RADIUS server
# Add an access device.
Log in to the iMC management platform, select the Service tab, and select Access Service > Access
Device from the navigation tree to enter the Access Device List page. Then, click Add to enter the
Add Access Device page and perform the following configurations:
z
Set the shared keys for authentication and accounting packets to expert
z
Specify the ports for authentication and accounting as 1812 and 1813 respectively
z
Select LAN Access Service as the service type
z
Select H3C as the access device type
z
Select the access device from the device list or manually add the device whose IP address is
10.1.1.2
z
Adopt the default settings for other parameters and click OK to finish the operation.
The IP address of the access device specified above must be the same as the source IP address of the
RADIUS packets sent from the device, which is the IP address of the outbound interface by default, or
otherwise the IP address specified with the nas-ip or radius nas-ip command.