H3C S5600 Series Operation Manual page 656

Operation Manual – AAA
H3C S5600 Series Ethernet Switches
A user is connected to GigabitEthernet 1/0/1 on the switch.
The user adopts 802.1x client supporting EAD extended function.
You are required to configure the switch to use RADIUS server for remote user
authentication and use security policy server for EAD control on users.
The following are the configuration tasks:
Connect the RADIUS authentication server 10.110.91.164 and the switch, and
configure the switch to use port number 1812 to communicate with the server.
Configure the authentication server type to extended.
Configure the encryption password for exchanging messages between the switch
and RADIUS server to expert.
Configure the IP address 10.110.91.166 of the security policy server.
II. Network diagram
Figure 3-2 EAD configuration
III. Configuration procedure
# Configure 802.1x on the switch. Refer to "Configuring 802.1x" in 802.1x and System
Guard Configuration.
# Configure a domain.
<Sysname> system-view
[Sysname] domain system
[Sysname-isp-system] quit
# Configure a RADIUS scheme.
[Sysname] radius scheme cams
[Sysname-radius-cams] primary authentication 10.110.91.164 1812
[Sysname-radius-cams] accounting optional
[Sysname-radius-cams] key authentication expert
3-3
Chapter 3 EAD Configuration