802.1X Configuration Example - H3C S5120-EI Series Operation Manual

To do...
Clear 802.1X statistics

802.1X Configuration Example

Network requirements
The access control method of macbased is required on the port GigabitEthernet 1/0/1 to control
clients.
All clients belong to default domain aabbcc.net, which can accommodate up to 30 users. RADIUS
authentication is performed at first, and then local authentication when no response from the
RADIUS server is received. If the RADIUS accounting fails, the device gets users offline.
A server group with two RADIUS servers is connected to the device. The IP addresses of the
servers are
authentication/secondary
authentication/primary accounting server.
Set the shared key for the device to exchange packets with the authentication server as name, and
that for the device to exchange packets with the accounting server as money.
Specify the device to try up to five times at an interval of 5 seconds in transmitting a packet to the
RADIUS server until it receives a response from the server, and to send real time accounting
packets to the accounting server every 15 minutes.
Specify the device to remove the domain name from the username before passing the username to
the RADIUS server.
Set the username of the 802.1X user as localuser and the password as localpass and specify to
use clear text mode. Enable the idle cut function to get the user offline whenever the user remains
idle for over 20 minutes.
Figure 1-10 Network diagram for 802.1X configuration
Configuration procedure
Use the command...
reset dot1x statistics
[ interface interface-list ]
10.1.1.1 and 10.1.1.2
accounting
respectively. Use
server, and the
1-19
Remarks
Available in user view
the former as the
latter as the secondary
primary