Ead configuration example, Network requirements, Network diagram – H3C Technologies H3C S3100 Series Switches User Manual
Page 453: Configuration procedure
3-3
EAD Configuration Example
Network requirements
In
z
A user is connected to Ethernet 1/0/1 on the switch.
z
The user adopts 802.1x client supporting EAD extended function.
z
You are required to configure the switch to use RADIUS server for remote user authentication and
use security policy server for EAD control on users.
The following are the configuration tasks:
z
Connect the RADIUS authentication server 10.110.91.164 and the switch, and configure the switch
to use port number 1812 to communicate with the server.
z
Configure the authentication server type to extended.
z
Configure the encryption password for exchanging messages between the switch and RADIUS
server to “expert”.
z
Configure the IP address 10.110.91.166 of the security policy server.
Network diagram
Figure 3-2 EAD configuration
Ethernet1/0/1
Internet
User
Security Policy Servers
10.110.91.166
Virus Patch Servers
10.110.91.168
Authentication Servers
10.110.91.164
Configuration procedure
# Configure 802.1x on the switch. Refer to the section ”Configuring 802.1x” of 802.1x Configuration.
# Configure a domain.
<Sysname> system-view
[Sysname] domain system
[Sysname-isp-system] quit
# Configure a RADIUS scheme.
[Sysname] radius scheme cams
[Sysname-radius-cams] primary authentication 10.110.91.164 1812
[Sysname-radius-cams] accounting optional