H3C Technologies H3C WX6000 Series Access Controllers User Manual

Page 152


1) Configure the RADIUS protocol

# Create a RADIUS scheme named radsun.

<AC> system-view

[AC] radius scheme radsun

# Set the IP addresses of the primary authentication and accounting servers to 192.168.1.1 and 192.168.1.2 respectively.

[AC-radius-radsun] primary authentication 192.168.1.1

[AC-radius-radsun] primary accounting 192.168.1.2

# Set the IP addresses of the secondary authentication and accounting servers to 192.168.1.2 and 192.168.1.1 respectively.

[AC-radius-radsun] secondary authentication 192.168.1.2

[AC-radius-radsun] secondary accounting 192.168.1.1

# Set the encryption key for the switch to use when interacting with the authentication server to name.

[AC-radius-radsun] key authentication name

# Set the encryption key for the switch to use when interacting with the accounting server to money.

[AC-radius-radsun] key accounting money

# Set the RADIUS server response timeout to five seconds and the maximum number of RADIUS packet retransmission attempts to 5.

[AC-radius-radsun] timer response-timeout 5

[AC-radius-radsun] retry 5

# Set the interval at which the switch sends real-time accounting packets to the RADIUS server to 15 minutes.

[AC-radius-radsun] timer realtime-accounting 15

# Specify that the switch sends user names without domain names to the RADIUS server.

[AC-radius-radsun] user-name-format without-domain

[AC-radius-radsun] quit

# Create an ISP domain named sun and enter its view.

[AC] domain sun

# Configure the ISP domain to use RADIUS scheme radsun as its default RADIUS scheme.

[AC-isp-sun] authentication default radius-scheme radsun

# Allow the ISP domain to accommodate up to 30 users.

[AC-isp-sun] access-limit enable 30

[AC-isp-sun] quit

2) Configure port security

# Enable port security.

[AC] port-security enable

# Add five OUI values.

[AC] port-security oui 1234-0100-1111 index 1

[AC] port-security oui 1234-0200-1111 index 2

[AC] port-security oui 1234-0300-1111 index 3

[AC] port-security oui 1234-0400-1111 index 4

[AC] port-security oui 1234-0500-1111 index 5

[AC] interface gigabitethernet 0/0/1

# Set the port security mode to userLoginWithOUI.

[AC-GigabitEthernet0/0/1] port-security port-mode userlogin-withoui

3) Verify the configuration
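
An offline check of the RADIUS scheme entered in step 1, added here as an example and not taken from the H3C manual: it parses the scheme commands and reports shared keys shorter than the 16 octets RFC 2865 prefers, without echoing the keys. The function names are hypothetical, and the wait calculation assumes every attempt runs to the full response timeout.

```python
import re

# Commands copied from the RADIUS scheme example on this page (prompts included).
SAMPLE = """\
[AC] radius scheme radsun
[AC-radius-radsun] primary authentication 192.168.1.1
[AC-radius-radsun] primary accounting 192.168.1.2
[AC-radius-radsun] secondary authentication 192.168.1.2
[AC-radius-radsun] secondary accounting 192.168.1.1
[AC-radius-radsun] key authentication name
[AC-radius-radsun] key accounting money
[AC-radius-radsun] timer response-timeout 5
[AC-radius-radsun] retry 5
"""

MIN_KEY_OCTETS = 16  # RFC 2865, section 3: secret preferably at least 16 octets
PROMPT = re.compile(r"^\s*[\[<][^\]>]*[\]>]\s*")  # strips "[AC-radius-radsun] "


def parse_scheme(text):
    """Collect servers, shared keys and timers from RADIUS scheme commands."""
    scheme = {"servers": {}, "keys": {}, "timeout": None, "retry": None}
    for line in text.splitlines():
        words = PROMPT.sub("", line).split()
        if len(words) == 3 and words[0] in ("primary", "secondary"):
            scheme["servers"][(words[0], words[1])] = words[2]
        elif len(words) == 3 and words[0] == "key":
            scheme["keys"][words[1]] = words[2]
        elif len(words) == 3 and words[:2] == ["timer", "response-timeout"]:
            scheme["timeout"] = int(words[2])
        elif len(words) == 2 and words[0] == "retry":
            scheme["retry"] = int(words[1])
    return scheme


def audit(scheme):
    """Return findings as strings; key values are never echoed, only lengths."""
    findings = []
    for service in ("authentication", "accounting"):
        octets = len(scheme["keys"].get(service, "").encode())  # 0 if no key set
        if octets < MIN_KEY_OCTETS:
            findings.append(f"{service}: shared key is {octets} octets, below {MIN_KEY_OCTETS}")
    return findings


def worst_case_wait(scheme):
    """Seconds spent on one silent server (assumes each attempt times out fully)."""
    return scheme["timeout"] * scheme["retry"]
```

Run against the commands above, both keys are reported as too short (4 and 5 octets), and one unresponsive server costs up to 25 seconds under the stated assumption.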
