3Com Switch 4500 26-Port Configuration Manual page 223

Domain and RADIUS Scheme Creation
The Switch 4500 can have 1 or more domains created on it. A domain on the
Switch 4500 is similar to a windows domain. By default, there is one domain
created called "system". This uses the local scheme to validate users. The
information about the local domain can be seen by typing "display domain". For
example:
<4500>display domain
0 Domain = system
State = Active
Scheme = LOCAL
Access-limit = Disable
Domain User Template:
Idle-cut = Disable
Self-service = Disable
Messenger Time = Disable
This system domain uses the local scheme.
It is not recommended that you change the system domain, as it could result in
locking all users out of the switch. This could happen if you change the default
local scheme to use an external RADIUS server, which is unavailable.
1 A new RADIUS scheme should be created as follows:
[4500]radius scheme NewSchemeName
New Radius scheme
[4500-radius-NewSchemeName]
2 Next, we need to add the attributes of the RADIUS scheme. This involves
configuring the RADIUS server IP address and shared secret.
[4500-radius-NewSchemeName]key authentication mysharedsecret
[4500-radius-NewSchemeName]primary authentication 161.71.67.250
3 The RADIUS scheme will not become active unless an accounting server is also
defined. If you don't have an accounting server, then the RADIUS scheme needs to
have accounting set to "optional".
[4500-radius-NewSchemeName]accounting optional
4 Next, create a new domain as follows:
[4500]domain Demo
New Domain added.
[4500-isp-Demo]
5 Change the domain to use the new RADIUS scheme that you have configured:
[4500-isp-demo]radius-scheme NewSchemeName
And that completes the configuration of the new radius server and associating it
with a domain.
Network Login
Network login must first be enabled globally by issuing the command dot1x:
[4500-xx]dot1x
802.1X is enabled globally
(where is either EI or SI)
xx
AAA and RADIUS Protocol Configuration 221