Configuration Examples; 802.1X Configuration Example - 3Com Baseline 2928 PWR Plus User Manual

Configuration Examples

802.1X Configuration Example

Network requirements
As shown in Figure
It is required to perform 802.1X authentication on port GigabitEthernet 1/0/1 to control user access
to the Internet, configure the access control method as MAC address based on the port, and
enable periodic re-authentication of online users on the port, so that the server can periodically
update the authorization information of the users.
All users belong to default domain test. RADIUS authentication is performed. If RADIUS
accounting fails, the switch gets the corresponding user offline. The RADIUS servers run iMC.
A server group with two RADIUS servers is connected to the switch. The IP addresses of the
servers are
authentication/secondary
authentication/primary accounting server.
Set the shared key for the device to exchange packets with the authentication server as name, and
that for the device to exchange packets with the accounting server as money.
Specify the device to try up to five times at an interval of 5 seconds in transmitting a packet to the
RADIUS server until it receives a response from the server, and to send real time accounting
packets to the accounting server every 15 minutes.
Specify the device to remove the domain name from the username before passing the username to
the RADIUS server.
Figure 1-12 Network diagram for 802.1X configuration
Configuration procedure
The following configuration procedure involves RADIUS client configuration for the switch, while
configurations on the RADIUS servers are omitted. For information about RADIUS configuration, refer
to RADIUS Configuration.
1) Configure the IP addresses of the interfaces. (omitted)
2) Configure 802.1X
# Enable 802.1X globally.
From the navigation tree, select Authentication > 802.1X to enter the 802.1X configuration page.
1-12:
10.1.1.1 and 10.1.1.2
accounting
respectively. Use
server, and the
1-14
the former as the
latter as the secondary
primary