Configuration procedure – H3C Technologies H3C WX3000 Series Unified Switches User Manual

23-20

Figure 23-12

Network diagram for AAA configuration with 802.1x and RADIUS enabled

Configuration procedure

Following configuration covers the major AAA/RADIUS configuration commands. Refer to AAA in H3C

WX3000 Series Unified Switches Switching Engine Command Reference

for the information about

these commands. Configuration on the client and the RADIUS servers is omitted.

# Enable 802.1x globally.

<device> system-view

System View: return to User View with Ctrl+Z.

[device] dot1x

# Enable 802.1x on GigabitEthernet 1/0/1 port.

[device] dot1x interface GigabitEthernet 1/0/1

# Set the access control method to be MAC-address-based (This operation can be omitted, as
MAC-address-based is the default).

[device] dot1x port-method macbased interface GigabitEthernet 1/0/1

# Create a RADIUS scheme named “radius1” and enter RADIUS scheme view.

[device] radius scheme radius1

# Assign IP addresses to the primary authentication and accounting RADIUS servers.

[device-radius-radius1] primary authentication 10.11.1.1

[device-radius-radius1] primary accounting 10.11.1.2

# Assign IP addresses to the secondary authentication and accounting RADIUS server.

[device-radius-radius1] secondary authentication 10.11.1.2

[device-radius-radius1] secondary accounting 10.11.1.1

# Set the password for the switch and the authentication RADIUS servers to exchange messages.

[device-radius-radius1] key authentication name

# Set the password for the switch and the accounting RADIUS servers to exchange messages.

[device-radius-radius1] key accounting money

# Set the interval and the number of the retries for the switch to send packets to the RADIUS servers.

[device-radius-radius1] timer 5