H3C S5100-SI Operation Manual page 265

another packet to the RADIUS servers again if it sends a packet to the RADIUS server
and does not receive response for 5 seconds, with the maximum number of retries of
5. And the switch sends a real-time accounting packet to the RADIUS servers once in
every 15 minutes. A user name is sent to the RADIUS servers with the domain name
truncated.
The user name and password for local 802.1x authentication are "localuser" and
"localpass" (in plain text) respectively. The idle disconnecting function is enabled.
Network diagram
Figure 1-12 Network diagram for AAA configuration with 802.1x and RADIUS enabled
Configuration procedure
Following configuration covers the major AAA/RADIUS configuration commands. Refer to
AAA Operation for the information about these commands. Configuration on the client and
the RADIUS servers is omitted.
# Enable 802.1x globally.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] dot1x
# Enable 802.1x on GigabitEthernet 1/0/1.
[Sysname] dot1x interface GigabitEthernet 1/0/1
# Set the access control method to MAC-based (This operation can be omitted, as
MAC-based is the default).
[Sysname] dot1x port-method macbased interface GigabitEthernet 1/0/1
# Create a RADIUS scheme named "radius1" and enter RADIUS scheme view.
[Sysname] radius scheme radius1
# Assign IP addresses to the primary authentication and accounting RADIUS servers.
[Sysname-radius-radius1] primary authentication 10.11.1.1
1-22