Deploying aaa configuration to h3c wired devices – H3C Technologies H3C Intelligent Management Center User Manual

297

The Deploy Configuration page appears.

3.

Click the icon in the Deploy Configuration column for AAA Configuration, Port Authentication
Configuration, or Commands.
The AAA Configuration, Port Authentication Configuration, or Commands page appears.

Deploying AAA configuration to H3C wired devices

1.

Access the AAA Configuration page.

2.

In the Basic Information area, configure the following parameters:

{

Accounting Update Interval—Enter the interval at which the devices send accounting update
packets to the RADIUS server, in minutes. The default setting is 12 minutes. If the number of

online users is large, HP recommends you setting the interval to 18 minutes.

{

Secondary RADIUS Server—Select this option if you want to configure a secondary RADIUS
server for the devices.

{

Server IP Address—Enter the IP address of the secondary RADIUS server for the devices. This
field becomes valid only when the Secondary RADIUS Server option is selected.

3.

Configure parameters in the Authentication Information area. This area does not appear on the
individual deployment page for a router. In batch deployment, this area is always displayed.

However, UAM does not deploy the authentication parameters to any selected routers.
The authentication parameters include:

{

802.1X Authentication—Select this option if you want to enable global 802.1X authentication
on the devices.

{

MAC Authentication—Select this option if you want to enable global MAC authentication on the
devices. When this option is selected, configure a domain for MAC authentication in the Service

Suffix area.

{

802.1X Authentication Mode—Select the protocol to use for 802.1X authentication. Options are
EAP, PAP, and CHAP. To support all UAM and EAD functions, select EAP.

{

MAC Authentication Format—Select the format of the user name to use for MAC authentication.
Options are Unchanged and Lower-case letters without separators. Select Unchanged if you

want the devices to send the user name in the original format. Select Lower-case letters without
separators if you want the devices to change the user name to lowercase and remove all

separators in it.

{

URL Redirect—Enter the redirect URL for HTTP access. The Web page specified by the URL is
pushed to the user who attempts to access a non-authentication-free network in the browser

without passing 802.1X authentication.

{

Free IP/Mask—Enter the authentication-free network segments and their respective mask length

or subnet masks in dotted decimal notation. UAM supports at most four network segments, one
per line.

4.

Configure domain information:

a.

In the Service Suffix area, click Add.
The Service Suffix page appears.

b.

Configure the following parameters:

−

Domain Name—Enter the name of the domain you want to create on the devices.

−

Service Suffix—This field is automatically populated with the domain name. If the domain
is used for 802.1X authentication, the domain name is included in the authentication
packets.