3Com 5500-SI Configuration Manual page 404
5500 series
Hide thumbs
Also See for 5500-SI:
- Datasheet (9 pages) ,
- Getting started manual (148 pages) ,
- Quick reference manual (59 pages)
Table of Contents
Advertisement
404
C
21: 802.1
HAPTER
C
X
ONFIGURATION
A server group, consisting of two RADIUS servers at 10.11.1.1 and 10.11.1.2
respectively, is connected to the switch. The former one acts as the
primary-authentication/second-accounting server. The latter one acts as the
secondary-authentication/primary-accounting server. Set the encryption key as
"name" when the system exchanges packets with the authentication RADIUS server
and "money" when the system exchanges packets with the accounting RADIUS
server. Configure the system to retransmit packets to the RADIUS server if no
response is received within 5 seconds. Retransmit the packet no more than 5 times in
all. Configure the system to transmit a real-time accounting packet to the RADIUS
server every 15 minutes. The system is instructed to transmit the user name to the
RADIUS server after removing the user domain name.
The user name of the local 802.1x access user is
(input in plain text). The idle cut function is enabled.
localpass
Networking Diagram
Figure 106 Enabling 802.1x and RADIUS to Perform AAA on the User
User
Supplicant
Supplicant
Supplicant
Supplicant
Supplicant
Configuration Procedure
The following examples concern most of the AAA/RADIUS configuration commands.
For details, refer to the chapter AAA and RADIUS Protocol Configuration.
The configurations of accessing user workstation and the RADIUS server are omitted.
1 Enable the 802.1x performance on the specified port Ethernet 1/0/1.
[SW5500]dot1x interface Ethernet 1/0/1
2 Set the access control mode. (This command could not be configured, when it is
configured as MAC-based by default.)
[SW5500]dot1x port-method macbased interface Ethernet 1/0/1
3 Create the RADIUS scheme radius1 and enters its view.
[SW5500]radius scheme radius1
4 Set IP address of the primary authentication/accounting RADIUS servers.
[SW5500-radius-radius1]primary authentication 10.11.1.1
[SW5500-radius-radius1]primary accounting 10.11.1.2
5 Set the IP address of the second authentication/accounting RADIUS servers.
[SW5500-radius-radius1]secondary authentication 10.11.1.2
[SW5500-radius-radius1]secondary accounting 10.11.1.1
Authentication Servers
Authentication Servers
Authentication Servers
Authentication Servers
Authentication Servers
(RADIUS Server Cluster
(RADIUS Server Cluster
(RADIUS Server Cluster
(RADIUS Server Cluster
(RADIUS Server Cluster
IP Address: 10.11.1.1
IP Address: 10.11.1.1
IP Address: 10.11.1.1
IP Address: 10.11.1.1
IP Address: 10.11.1.1
Switch
Switch
Switch
Switch
Switch
E1/0/1
Authenticator
Authenticator
Authenticator
Authenticator
Authenticator
and the password is
localuser
10.11.1.2)
10.11.1.2)
10.11.1.2)
10.11.1.2)
10.11.1.2)
Internet
Internet
Internet
Internet
Internet
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
