Advanced port security mode configuration example, Network requirements, Configuring a radius scheme named system – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

333

Advanced port security mode configuration

example

Network requirements

As shown in

Figure 324

, a client is connected to the switch through port GigabitEthernet 1/0/1. The

switch authenticates the client with a RADIUS server. If the authentication succeeds, the client is

authorized to access the Internet.

•

The RADIUS server at 192.168.1.2 functions as the primary authentication server and the secondary
accounting server, and the RADIUS server at 192.168.1.3 functions as the secondary authentication

server and the primary accounting server. The shared key for authentication is name, and that for

accounting is money.

•

All users use the default authentication, authorization, and accounting methods of ISP domain
system.

•

The switch sends user names without domain names to the RADIUS server.

Configure port GigabitEthernet 1/0/1 of the switch to:

•

Allow only one 802.1X user to be authenticated.

•

Allow up to three OUI values to be configured and allow one terminal that uses any of the OUI
values to access the port in addition to an 802.1X user.

Figure 324 Network diagram

NOTE:

Configurations on the host and RADIUS servers are omitted.

Configuring a RADIUS scheme named system

1.

Select Authentication > RADIUS.

2.

Configure a RADIUS authentication server:

a.

Select the server type Authentication Server.

b.

Type 192.168.1.2 as the primary server IP address.

c.

Type 1812 as the primary server UDP port.

d.

Select active for the primary server status.

e.

Click Apply.