Triple authentication configuration, Triple authentication configuration example, Network requirement – H3C Technologies H3C S3100 Series Switches User Manual

1-3

Triple Authentication Configuration

Complete the following tasks to configure triple authentication:

Task

Remarks

For details

Configure 802.1X authentication Required

Refer to 802.1X and System-guard
Operation.

Configure MAC authentication

Required

Refer to MAC Address Authentication
Operation.

Configure Web authentication

Required

Refer to Web Authentication Operation.

Triple Authentication Configuration Example

Network Requirement

As shown in

Figure 1-2

, the terminals are connected to a switch to access the IP network. It is required

to configure triple authentication on the Ethernet port of the switch which connects to the terminals, so

that a terminal passing one of the three authentication methods, 802.1X authentication, Web

authentication and MAC authentication, can access the IP network. More specifically,

z

The terminals request IP addresses through DHCP. They use IP addresses in 192.168.1.0/24

before authentication and in 3.3.3.0/24 after passing authentication.

z

Use the remote RADIUS server to perform authentication, authorization and accounting and

configure the switch to send usernames carrying no ISP domain names to the RADIUS server.

z

The IP address of the local Web authentication server on the switch is 100.1.1.1.

z

Users passing authentication are added to VLAN 3, the authorized VLAN.

z

Users failing authentication are added to VLAN 2, the Auth-Fail VLAN, and are allowed to access

only the Update server.

Network Diargram

Figure 1-2 Network diagram for triple authentication supporting authorized VLAN assignment and

Auth-Fail VLAN