Creating a radius scheme, Creating a domain, Enabling mac address authentication – H3C Technologies H3C Intelligent Management Center User Manual

61

Creating a RADIUS scheme

An access device exchanges RADIUS packets with UAM according to the configured RADIUS scheme.

When you configure a RADIUS scheme, follow these guidelines:

•

The authentication server IP and the accounting server IP that you specified in the RADIUS scheme
must be the IP address of the UAM server.

•

The shared key and authentication/accounting port specified in the RADIUS scheme must be
consistent with those configured for the access device on UAM.

Creating a domain

When you configure a domain, follow these guidelines:

•

For MAC authentication, select LAN access as the endpoint authentication function.

•

The RADIUS scheme used by the domain must be configured as explained in the previous topic.

Enabling MAC address authentication

1.

Enable MAC address authentication globally and on an interface.

2.

Specify the domain created in the previous step for MAC address authentication.

Mute terminal configuration

No configuration is needed on a mute terminal.

LDAP authentication

In LDAP authentication, the LDAP server authenticates user identity. The combinations of LDAP

authentication and an authentication function include:

•

802.1X authentication and LDAP authentication

•

Portal authentication and LDAP authentication

•

VPN authentication and LDAP authentication

For these authentication combinations, the access device configuration on the endpoint configuration are

the same as those described in "

802.1X authentication and UAM local authentication

," "

Portal

authentication and UAM local authentication

," and "

VPN authentication and UAM local

authentication

." See

Figure 51

for an example of the configuration on UAM for LDAP authentication.