H3C Technologies H3C S3100 Series Switches User Manual

Page 348

Advertising
background image

5-4

[SwitchB] igmp-snooping enable

# Create VLAN 103, assign Ethernet 1/0/1 through Ethernet 1/0/3 to this VLAN, and enable IGMP

snooping in this VLAN.

[SwitchB] vlan 103

[SwitchB-vlan103] port ethernet 1/0/1 to ethernet 1/0/3

[SwitchB-vlan103] igmp-snooping enable

[SwitchB-vlan103] quit

# Create a QoS profile profile1 to allow users to join or leave only one multicast group, 224.1.1.1.

[SwitchB] acl number 2001

[SwitchB-acl-basic-2001] rule permit source 224.1.1.1 0

[SwitchB-acl-basic-2001] quit

[SwitchB] qos-profile profile1

[SwitchB-qos-profile-profile1] igmp-snooping access-policy 2001

[SwitchB-qos-profile-profile1] quit

# Create a RADIUS scheme scheme1; set the service type for the RADIUS server to extended; specify

the IP addresses of the primary authentication/authorization server and accounting server as 2.1.1.1;

set the shared keys to 321123; specify that a username sent to the RADIUS server carry no domain

name.

[SwitchB] radius scheme scheme1

[SwitchB-radius-scheme1] server-type extended

[SwitchB-radius-scheme1] primary authentication 2.1.1.1

[SwitchB-radius-scheme1] key authentication 321123

[SwitchB-radius-scheme1] primary accounting 2.1.1.1

[SwitchB-radius-scheme1] key accounting 321123

[SwitchB-radius-scheme1] user-name-format without-domain

[SwitchB-radius-scheme1] quit

# Create an ISP domain domain1; reference scheme1 for the authentication, and accounting of LAN

users; specify domain1 as the default ISP domain.

[SwitchB] domain domain1

[SwitchB-isp-domian1] authentication lan-access radius-scheme scheme1

[SwitchB-isp-domian1] accounting lan-access radius-scheme scheme1

[SwitchB-isp-domian1] quit

[SwitchB] domain default enable domain1

# Globally enable 802.1x and then enable it on Ethernet 1/0/2 and Ethernet 1/0/3 respectively.

[SwitchB] dot1x

[SwitchB] interface ethernet 1/0/2

[SwitchB-Ethernet1/0/2] dot1x

[SwitchB-Ethernet1/0/2] quit

[SwitchB] interface ethernet 1/0/3

[SwitchB-Ethernet1/0/3] dot1x

[SwitchB-Ethernet1/0/3] quit

4) Configure the RADIUS server

On the RADIUS server, configure the parameters related to Switch B. For details, refer to the

configuration manual of the RADIUS server.

5) Verify the configuration

After the configurations, the hosts initiate 802.1x authentication. After passing authentication, Host A

sends messages to join multicast groups 224.1.1.1 and 224.1.1.2. Use the display igmp-snooping

group command to display information about IGMP snooping multicast groups. For example:

Advertising
Popular Brands
Popular manuals