H3C S3610-28P Operation Manual page 890

Operation Manual – 802.1x-HABP-MAC Authentication
H3C S3610&S5510 Series Ethernet Switches
A server group with two RADIUS servers is connected to the switch. The IP
addresses of the servers are 10.1.1.1 and 10.1.1.2 respectively. Use the former as
the primary authentication/secondary accounting server, and the latter as the
secondary authentication/primary accounting server.
Set the shared key for the switch to exchange packets with the authentication
server as name, and that for the switch to exchange packets with the accounting
server as money.
Specify the switch to try up to five times at an interval of 5 seconds in transmitting
a packet to the RADIUS server until it receives a response from the server, and to
send real time accounting packets to the accounting server every 15 minutes.
Specify the switch to remove the domain name from the username before passing
the username to the RADIUS server.
Set the username of the 802.1x user as localuser and the password as localpass
and specify to use plain text mode. Enable the idle cut function to get the user
offline whenever the user remains idle for over 20 minutes.
II. Network diagram
Figure 1-10 Network diagram for 802.1x configuration
III. Configuration procedure
Note:
The following configuration procedure covers most AAA/RADIUS configuration
commands for the authenticator, while configuration on the supplicant and RADIUS
server are omitted. For information about AAA/RADIUS configuration commands, refer
to AAA RADIUS HWTACACS Configuration.
# Configure the IP addresses for each interface. (Omitted)
# Add local access user localuser, enable the idle cut function, and set the idle cut
interval.
1-19
Chapter 1 802.1x Configuration