HPE FlexNetwork 10500 Series Security Configuration Manual page 97

# Enable 802.1X globally.
[SwitchA] dot1x
3. Configure the RADIUS server:
# Create a network access user named dot1x.
<SwitchB> system-view
[SwitchB] local-user dot1x class network
# Configure the password as 123456 in plaintext form.
[SwitchB-luser-network-dot1x] password simple 123456
# Configure VLAN 4 as the authorization VLAN.
[SwitchB-luser-network-dot1x] authorization-attribute vlan 4
[SwitchB-luser-network-dot1x] quit
# Configure the IP address of the RADIUS client as 10.1.1.2 and the shared key as expert in
plaintext form.
[SwitchB] radius-server client ip 10.1.1.2 key simple expert
# Activate the RADIUS server configuration.
[SwitchB] radius-server activate
Verifying the configuration
1. On the RADIUS server, display the activated RADIUS clients and users.
[SwitchB] display radius-server active-client
Total 1 RADIUS clients.
Client IP: 10.1.1.2
[SwitchB] display radius-server active-user dot1x
Total 1 RADIUS users matched.
Username: dot1x
Description: Not configured
Authorization attributes:
VLAN ID: 4
ACL number: Not configured
Validity period:
Expiration time: Not configured
2. On the host, use the dot1x user for 802.1X authentication.
If the user host runs the Windows built-in 802.1X client, configure the network connection
properties as follows:
a. Click the Authentication tab of the properties window.
b. Select the Enable IEEE 802.1X authentication for this network option.
c. Select MD5 challenge as the EAP type.
d. Click OK.
If the user host runs the iNode client, no advanced authentication options are required.
The user passes authentication after entering the correct user name and password on the
authentication page or the iNode client.
3. On the NAS, verify that the RADIUS server assigns the user access port to VLAN 4 after the
user passes authentication. (Details not shown.)
4. On the NAS, display online 802.1X user information.
[SwitchA] display dot1x connection
80