H3C S9500 Series Operation Manual page 1142

Operation Manual – 802.1x
H3C S9500 Series Routing Switches
III. Configuration procedure
Note:
The following examples concern most of the AAA/RADIUS configuration commands.
For details, refer to the AAA RADIUS HWTACACS Configuration part of this manual.
The configurations of access user workstation are omitted.
RADIUS server configuration is carried out in terms of RADIUS schemes. A RADIUS
scheme actually can either be a stand-alone RADIUS server or two mutually backed up
RADIUS servers with the same configuration and different IP addresses. So, for each
RADIUS scheme, you need to configure the IP addresses for the primary and
secondary RADIUS servers, and the shared key.
# Enable 802.1x globally.
[H3C] dot1x
# Enable the 802.1x performance on the specified port Ethernet 2/1/1.
[H3C] dot1x interface Ethernet 2/1/1
# Set the access control method to MAC-based. (Optional. MAC-based access control
is the default setting.)
[H3C] dot1x port-method macbased interface Ethernet 2/1/1
# Create the RADIUS scheme radius1 and enters its configuration mode.
[H3C] radius scheme radius1
# Set IP address of the primary authentication/accounting RADIUS servers.
[H3C-radius-radius1] primary authentication 10.11.1.1
[H3C-radius-radius1] primary accounting 10.11.1.2
# Set the IP address of the secondary authentication/accounting RADIUS servers.
[H3C-radius-radius1] secondary authentication 10.11.1.2
[H3C-radius-radius1] secondary accounting 10.11.1.1
# Set the encryption key when the system exchanges packets with the authentication
RADIUS server.
[H3C-radius-radius1] key authentication name
# Set the encryption key when the system exchanges packets with the accounting
RADIUS server.
[H3C-radius-radius1] key accounting money
# Set the interval and times for the system to retransmit packets to the RADIUS server.
[H3C-radius-radius1] timer 5
1-14
Chapter 1 802.1x Configuration