Displaying and maintaining 802.1x, 1x authentication configuration example – H3C Technologies H3C S12500-X Series Switches User Manual
Page 113
101
[Device-radius-radsun] primary accounting 192.168.1.3
[Device-radius-radsun] secondary authentication 192.168.1.3
[Device-radius-radsun] secondary accounting 192.168.1.2
[Device-radius-radsun] key authentication simple name
[Device-radius-radsun] key accounting simple money
[Device-radius-radsun] timer response-timeout 5
[Device-radius-radsun] retry 5
[Device-radius-radsun] timer realtime-accounting 15
[Device-radius-radsun] user-name-format without-domain
[Device-radius-radsun] quit
# Configure ISP domain sun.
[Device] domain sun
[Device-isp-sun] authentication lan-access radius-scheme radsun
[Device-isp-sun] authorization lan-access radius-scheme radsun
[Device-isp-sun] accounting lan-access radius-scheme radsun
[Device-isp-sun] quit
2.
Configure 802.1X:
# Set the 802.1X authentication method to CHAP. (This step is optional. By default, the
authentication method is CHAP for 802.1X.)
[Device] dot1x authentication-method chap
3.
Configure port security:
# Enable port security.
[Device] port-security enable
# Add five OUI values. (You can add up to 16 OUI values. The port permits only one user
matching one of the OUIs to pass authentication.)
[Device] port-security oui index 1 mac-address 1234-0100-1111
[Device] port-security oui index 2 mac-address 1234-0200-1111
[Device] port-security oui index 3 mac-address 1234-0300-1111
[Device] port-security oui index 4 mac-address 1234-0400-1111
[Device] port-security oui index 5 mac-address 1234-0500-1111
# Set the port security mode to userLoginWithOUI.
[Device] interface ten-gigabitethernet 1/0/1
[Device-Ten-GigabitEthernet1/0/1] port-security port-mode userlogin-withoui
[Device-Ten-GigabitEthernet1/0/1] quit
433B
Verifying the configuration
# Display the RADIUS scheme radsun.
[Device] display radius scheme radsun
RADIUS Scheme Name : radsun
Index : 0
Primary Auth Server:
IP : 192.168.1.2 Port: 1812 State: Active
VPN : Not configured
Primary Acct Server:
IP : 192.168.1.3 Port: 1813 State: Active
VPN : Not configured
Second Auth Server: