Huawei Quidway S5600 Series Operation Manual page 523

Operation Manual – 802.1x
Quidway S5600 Series Ethernet Switches-Release 1510
number of retries of 5. And the switch sends a real-time accounting packet to the
RADIUS servers once in every 15 minutes. A user name is sent to the RADIUS
servers with the domain name truncated. Connected to the switch is a server
group comprised of two RADIUS servers whose IP addresses are 10.11.1.1 and
10.11.1.2 respectively, with the former being the primary authentication and the
secondary counting server, and the latter the secondary authentication and the
primary counting server. Configure the interaction password between the switch
and the authenticating RADIUS server to be "name", and "money" for interaction
between the switch and the counting RADIUS. Configure the waiting period for the
switch to resend packets to the RADIUS server to be 5 seconds, that is, if after 5
seconds the RADIUS still has not sent any responses back, the switch will resend
packets. Configure the number of times that a switch resends packets to the
RADIUS server to be 5. Configure the switch to send real-time counting packets to
the RADIUS server every 15 minutes with the domain names removed from the
user name beforehand.
The user name and password for local 802.1x authentication are "localuser" and
"localpass" (in plain text) respectively. The idle disconnecting function is enabled.
II. Network diagram
Supplicant Supplicant
Figure 1-11 Network diagram for AAA configuration with 802.1x and RADIUS enabled
III. Configuration procedure
Authentication s Authentication s
(RADIUS Serv (RADIUS Serv
IP Address: 10.11. IP Address: 10.11.
Switch Switch
Authenticator Authenticator
Huawei Technologies Proprietary
1-20
Chapter 1 802.1x Configuration
ervers ervers
er Cluster er Cluster
1.1 1.1
10. 10. 11.1.2) 11.1.2)
Internet Internet