Configuration Example - Huawei Quidway S3500 Series Operation Manual

Operation Manual - Security
Quidway S3500 Series Ethernet Switches
reset command in user view to reset 802.1x statistics. Execute debugging command
in user view to debug 802.1x.
Table 1-17 Displaying and debugging 802.1x
Display the configuration, running
and statistics
802.1x
Reset
information
Enable the error/event/packet/all
debugging of 802.1x
Disable the error/event/packet/all
debugging of 802.1x.
1.4 802.1x Configuration Example
I. Networking requirements
As shown in the following figure, the workstation of a user is connected to the port
Ethernet 0/1 of the Switch.
The switch administrator will enable 802.1x on all the ports to authenticate the
supplicants so as to control their access to the Internet. The access control mode is
configured as based on the MAC address
All the supplicants belong to the default domain huawei163.net, which can contain up to
30 users. RADIUS authentication is performed first. If there is no response from the
RADIUS server, local authentication will be performed. For accounting, if the RADIUS
server fails to account, the user will be disconnected. In addition, when the user is
accessed, the domain name does not follow the user name. Normally, if the user's
traffic is less than 2kbps consistently over 20 minutes, he will be disconnected.
A server group, consisting of two RADIUS servers at 10.11.1.1 and 10.11.1.2
respectively, is connected to the switch. The former one acts as the
primary-authentication/secondary-accounting server. The latter one acts as the
primary-accounting server. Set the encryption key as "name" when the system
exchanges packets with the authentication RADIUS server and "money" when the
system exchanges packets with the accounting RADIUS server. Configure the system
to retransmit packets to the RADIUS server if no response received in 5 seconds.
Retransmit the packet no more than 5 times in all. Configure the system to transmit a
real-time accounting packet to the RADIUS server every 15 minutes. The system is
instructed to transmit the user name to the RADIUS server after removing the user
domain name.
Operation
information
the 802.1x statistics
Huawei Technologies Proprietary
display dot1x [ sessions | statistics ]
of
[ interface interface-list ]
reset dot1x
interface-list ]
debugging dot1x { error | event | packet |
all }
undo debugging dot1x { error | event |
packet | all }
1-14
Chapter 1 802.1x Configuration
Command
[
statistics interface