Huawei Quidway S3700 Series Configuration Manual page 98

Quidway S3700 Series Ethernet Switches
Configuration Guide - Security
# Configure the IP address and port number of the primary RADIUS authentication server.
[Quidway-radius-rd1] radius-server authentication 100.1.1.1 1812
# Configure the shared key of the RADIUS server.
[Quidway-radius-rd1] radius-server shared-key cipher hello
[Quidway-radius-rd1] quit
Step 2 Create an authentication scheme web1 and set the authentication method to RADIUS
authentication.
[Quidway] aaa
[Quidway–aaa] authentication-scheme web1
[Quidway-aaa-authen-1] authentication-mode radius
[Quidway-aaa-authen-1] quit
Step 3 Create a domain isp1 and bind the authentication scheme and RADIUS server template to the
domain.
[Quidway-aaa] domain isp1
[Quidway-aaa-domain-isp1] authentication-scheme web1
[Quidway-aaa-domain-isp1] accounting-scheme web1
[Quidway-aaa-domain-isp1] radius-server rd1
[Quidway-aaa-domain-isp1] quit
[Quidway-aaa] quit
Step 4 Configure ACL 3000 to reject the packets with the destination address 101.0.0.2.
[Quidway] acl 3000
[Quidway-acl-adv-3000] rule 0 deny ip destination 101.0.0.2 0
[Quidway-acl-adv-3000] quit
Step 5 Configure the 802.1x authentication.
# Enable the 802.1x authentication globally.
[Quidway] dot1x enable
Step 6 Verify the configuration.
After the user goes online successfully, ping the HTTP server from the PC to check whether
ACL 3000 takes effect.
[Quidway] ping 101.0.0.2
PING 101.0.0.2: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 10.0.0.1 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
----End
Configuration Files
#
sysname Quidway
#
dot1x enable
#
radius-server template rd1
radius-server shared-key cipher 3MQ*TZ,O3KCQ=^Q`MAF4<1!!
radius-server authentication 10.1.1.1 1812
radius-server accounting 100.1.1.2 1813
#
Issue 01 (2011-07-15) Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2 NAC Configuration
85