H3C S5500-EI Series Security Configuration Manual page 204
Hide thumbs
Also See for S5500-EI Series:
- Operation manual (1529 pages) ,
- Configuration manual (490 pages) ,
- Quick start manual (91 pages)
Table of Contents
Advertisement
Configure the stateful failover function:
6.
# Configure the VLAN for stateful failover as VLAN 8.
[SwitchA] dhbk vlan 8
# Enable stateful failover and configure it to support the symmetric path.
[SwitchA] dhbk enable backup-type symmetric-path
Configuring Switch B
Configure VRRP:
1.
# Create VRRP group 1, and configure the virtual IP address of the VRRP group 1 as 9.9.1.1.
<SwitchB> system-view
[SwitchB] interface vlan-interface 10
[SwitchB–Vlan-interface10] vrrp vrid 1 virtual-ip 9.9.1.1
# Set the priority of VLAN-interface 10 in VRRP group 1 to 150.
[SwitchB–Vlan-interface10] vrrp vrid 1 priority 150
[SwitchB–Vlan-interface10] quit
# Create VRRP group 2, and configure the virtual IP address of the VRRP group 2 as 192.168.0.1.
[SwitchB] interface vlan-interface 20
[SwitchB–Vlan-interface20] vrrp vrid 2 virtual-ip 192.168.0.1
# Set the priority of VLAN-interface 20 in VRRP group 2 to 150.
[SwitchB–Vlan-interface20] vrrp vrid 2 priority 150
[SwitchB–Vlan-interface20] quit
Configure a RADIUS scheme:
2.
# Create RADIUS scheme rs1 and enter its view.
[SwitchB] radius scheme rs1
# Configure the server type for the RADIUS scheme. When using the CAMS/IMC server, configure
the RADIUS server type as extended.
[SwitchB-radius-rs1] server-type extended
# Specify the primary authentication server and primary accounting server, and configure the keys
for communication with the servers.
[SwitchB-radius-rs1] primary authentication 192.168.0.111
[SwitchB-radius-rs1] primary accounting 192.168.0.111
[SwitchB-radius-rs1] key authentication simple expert
[SwitchB-radius-rs1] key accounting simple expert
# Configure the access device to not carry the ISP domain name in the username sent to the
RADIUS server. (Optional, configure the username format as needed.)
[SwitchB-radius-rs1] user-name-format without-domain
[SwitchB-radius-rs1] quit
Configure an authentication domain:
3.
# Create ISP domain dm1 and enter its view.
[SwitchB] domain dm1
# Configure AAA methods for the ISP domain.
[SwitchB-isp-dm1] authentication portal radius-scheme rs1
[SwitchB-isp-dm1] authorization portal radius-scheme rs1
[SwitchB-isp-dm1] accounting portal radius-scheme rs1
[SwitchB-isp-dm1] quit
185
Advertisement
Table of Contents
Troubleshooting
