Allow up to 16 OUI values to be configured and allow one terminal that uses any of the OUI values
•
to access the port in addition to an 802.1X user.
Figure 77 Network diagram
Configuration procedure
The following configuration steps cover some AAA/RADIUS configuration commands. For more
information about the commands, see Security Command Reference.
Configuration procedures for the host and RADIUS servers are not shown.
1.
Configure the RADIUS protocol:
# Configure a RADIUS scheme named radsun.
<Router> system-view
[Router] radius scheme radsun
[Router-radius-radsun] primary authentication 192.168.1.2
[Router-radius-radsun] primary accounting 192.168.1.3
[Router-radius-radsun] secondary authentication 192.168.1.3
[Router-radius-radsun] secondary accounting 192.168.1.2
[Router-radius-radsun] key authentication name
[Router-radius-radsun] key accounting money
[Router-radius-radsun] timer response-timeout 5
[Router-radius-radsun] retry 5
[Router-radius-radsun] timer realtime-accounting 15
[Router-radius-radsun] user-name-format without-domain
[Router-radius-radsun] quit
# Configure ISP domain sun to use RADIUS scheme radsun for authentication, authorization, and
accounting of all types of users. Specify that the ISP domain can contain up to 30 users.
[Router] domain sun
[Router-isp-sun] authentication default radius-scheme radsun
[Router-isp-sun] authorization default radius-scheme radsun
[Router-isp-sun] accounting default radius-scheme radsun
[Router-isp-sun] access-limit enable 30
[Router-isp-sun] quit
2.
Configure 802.1X:
# Set the 802.1X authentication method to CHAP. (This configuration is optional. By default, the
authentication method is CHAP for 802.1X.)
[Router] dot1x authentication-method chap
3.
Configure port security:
# Enable port security.
191