HP 5120 EI Switch Series Configuration Manual page 163

Figure 48 Network diagram for configuring the userLoginWithOUI mode
192.168.1.1/24
Host
Configuration procedure
NOTE:

The following configuration steps cover some AAA/RADIUS configuration commands. For details about the
commands, see the chapter "AAA configuration commands."

Configurations on the host and RADIUS servers are not shown.
Configure the RADIUS protocol.
1.
# Configure a RADIUS scheme named radsun.
<Switch> system-view
[Switch] radius scheme radsun
[Switch-radius-radsun] primary authentication 192.168.1.2
[Switch-radius-radsun] primary accounting 192.168.1.3
[Switch-radius-radsun] secondary authentication 192.168.1.3
[Switch-radius-radsun] secondary accounting 192.168.1.2
[Switch-radius-radsun] key authentication name
[Switch-radius-radsun] key accounting money
[Switch-radius-radsun] timer response-timeout 5
[Switch-radius-radsun] retry 5
[Switch-radius-radsun] timer realtime-accounting 15
[Switch-radius-radsun] user-name-format without-domain
[Switch-radius-radsun] quit
# Configure ISP domain sun to use RADIUS scheme radsun for authentication, authorization, and
accounting of all types of users. Specify that the ISP domain can contain up to 30 users.
[Switch] domain sun
[Switch-isp-sun] authentication default radius-scheme radsun
[Switch-isp-sun] authorization default radius-scheme radsun
[Switch-isp-sun] accounting default radius-scheme radsun
[Switch-isp-sun] access-limit enable 30
[Switch-isp-sun] quit
Configure 802.1X.
2.
# Set the 802.1X authentication method to CHAP. (This configuration is optional. By default, the
authentication method is CHAP for 802.1X.)
[Switch] dot1x authentication-method chap
Configure port security.
3.
Authentication servers
(192.168.1.2/24
192.168.1.3/24)
GE1/0/1
Switch
Internet
153