Example For Configuring 802.1X Authentication - Huawei Quidway S3700 Series Configuration Manual

Quidway S3700 Series Ethernet Switches
Configuration Guide - Security
<Quidway> display web-auth-server configuration
Listening port
Portal
Include reply message : enabled
------------------------------------------------------------------------
Web-auth-server Name : isp1
IP-address
Shared-key
Port / PortFlag
URL
1 Web authentication server(s) in total
----End
Configuration Files
#
sysname Quidway
#
vlan batch 10
#
web-auth-server isp1
server-ip 10.1.1.1
port 50100
url http//www.isp1.com
#
radius-server template rd1
radius-server shared-key cipher 3MQ*TZ,O3KCQ=^Q`MAF4<1!!
radius-server authentication 192.168.2.30 1812
radius-server retransmit 2
#
aaa
authentication-scheme web1
authentication-mode radius
domain isp1
authentication-scheme web1
radius-server
#
interface Vlanif10
ip address 192.168.1.10 255.255.255.0
web-auth-server web
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 10
#
return

2.7.2 Example for Configuring 802.1x Authentication

Networking Requirements
As shown in
l
l
l
l
Issue 01 (2011-07-15)
: 192.168.1.20
: huawei
: 50100 / NO
: www.isp1.com
------------------------------------------------------------------------
rd1
Figure 2-3, the requirements are as follows:
802.1x authentication is performed for the user connected to GE 0/0/1 to control the user's
access to the Internet. The default access control mode is adopted, that is, the Switch
controls access of the user based on the MAC address of the user.
The authentication is performed by the RADIUS server.
The maximum number of users on GE 0/0/1 is 100.
MAC address bypass authentication is performed for the printer connected to GE 0/0/1.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
: 2000
: version 1, version 2
2 NAC Configuration
78