Example For Configuring The Radius Server To Deliver Authorization Acl - Huawei Quidway S3700 Series Configuration Manual

Quidway S3700 Series Ethernet Switches
Configuration Guide - Security
[Quidway-GigabitEthernet0/0/1] mac-authen max-user 100
[Quidway-GigabitEthernet0/0/1] quit
# Specify domain isp1 as the domain of the users that use MAC address authentication.
[Quidway] mac-authen domain isp1
Step 5 Verify the configuration.
Run the display mac-authen interface command on the Switch, and you can view the
configuration of MAC address authentication.
<Quidway> display mac-authen interface gigabitethernet 0/0/1
GigabitEthernet0/0/1 state: UP
Maximum users: 100
Current users: 2
Guest VLAN is disabled
----End
Configuration Files
#
sysname Quidway
#
mac-authen
mac-authen domain isp1
#
radius-server template rd1
radius-server shared-key cipher 3MQ*TZ,O3KCQ=^Q`MAF4<1!!
radius-server authentication 192.168.2.30 1812
radius-server retransmit 2
#
aaa
authentication-scheme web1
authentication-mode radius
domain isp1
authentication-scheme web1
radius-server rd1
#
interface GigabitEthernet0/0/1
mac-authen
mac-authen max-user 100
#
return
2.7.4 Example for Configuring the RADIUS Server to Deliver
Authorization ACL
Networking Requirements
As shown in
authentication server is a RADIUS server. An HTTP server is located on the Internet. After the
user goes online, the RADIUS server is required to deliver ACL. The user then is allowed to
connect to the Internet, but cannot access the HTTP server.
Issue 01 (2011-07-15)
Figure 2-5, the PC accesses the network using 802.1x authentication. The
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
MAC address authentication is enabled
2 NAC Configuration
83