CHAPTER 9: AAA AND RADIUS OPERATION

Perform the following configuration in system view.

Table 11 Enable/Disable a Quiet-Period Timer

Operation                        Command
Enable a quiet-period timer      dot1x quiet-period
Disable a quiet-period timer     undo dot1x quiet-period

Displaying and Debugging 802.1x

Execute the display command in all views to display the VLAN configuration, and
to verify the configuration. Execute the reset command in user view to reset
802.1x statistics information. Execute the debugging command in user view to
debug the 802.1x module.

Table 12 Display and Debug 802.1x

Operation                                           Command
Display the configuration, running and              display dot1x [ sessions | statistics ] [ interface interface-list ]
statistics information of 802.1x
Reset the 802.1x statistics information             reset dot1x statistics [ interface interface-list ]
Enable the error/event/packet/all debugging         debugging dot1x { error | event | packet | all }
of 802.1x
Disable the error/event/packet/all debugging        undo debugging dot1x { error | event | packet | all }
of 802.1x

Example: 802.1x Configuration

As shown in the following figure, the workstation is connected to port 1/0/2 of the
Switch 7700.

The switch administrator will enable 802.1x on all the ports to authenticate the
supplicants in order to control their access to the Internet. The access control
mode is based on the MAC address.

All the supplicants belong to the default domain 3com163.net, which can contain
up to 30 users. RADIUS authentication is performed first. If there is no response
from the RADIUS server, local authentication will be performed. For accounting, if
the RADIUS server fails to account, the user will be disconnected. In addition,
when the user is connected, the domain name does not follow the user name.
Normally, if the user's traffic is consistently less than 2 kbps over a period of 20
minutes, they will be disconnected.

A server group, consisting of two RADIUS servers at 10.11.1.1 and 10.11.1.2, is
connected to the switch. The former acts as the
primary-authentication/secondary-accounting server. The latter acts as the
secondary-authentication/primary-accounting server. Set the encryption key as
"name" when the system exchanges packets with the authentication RADIUS
server, and "money" when the system exchanges packets with the accounting
RADIUS server. Configure the system to retransmit packets to the RADIUS server if
no response is received in 5 seconds. Retransmit the packet no more than 5 times
in all. Configure the system to transmit a real-time accounting packet to the
RADIUS server every 15 minutes. The system is instructed to transmit the user
name to the RADIUS server after removing the user domain name.
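What the two keys in the scenario above protect on the wire, as an added example that is not part of the manual: under RFC 2865 the authentication key hides the User-Password attribute, and under RFC 2866 the accounting key signs each Accounting-Request. The function names, the user "alice" and the password are constructed for illustration; the two key values and the domain come from the scenario.

```python
import hashlib, hmac, os, struct

AUTH_KEY = b"name"    # key shared with the authentication server (scenario value)
ACCT_KEY = b"money"   # key shared with the accounting server (scenario value)

def attr(type_, value):
    return bytes([type_, len(value) + 2]) + value      # type, length, value

def strip_domain(user):
    return user.split("@", 1)[0]     # user name is sent without the domain

def hide_password(password, secret, request_auth):
    # RFC 2865 5.2: XOR each 16-byte block with MD5(secret + previous block)
    padded = password.ljust(-(-max(len(password), 1) // 16) * 16, b"\x00")
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        pad = hashlib.md5(secret + prev).digest()
        prev = bytes(a ^ b for a, b in zip(padded[i:i + 16], pad))
        out += prev
    return out

def unhide_password(hidden, secret, request_auth):
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        pad = hashlib.md5(secret + prev).digest()
        out += bytes(a ^ b for a, b in zip(hidden[i:i + 16], pad))
        prev = hidden[i:i + 16]
    return out.rstrip(b"\x00")

def access_request(ident, user, password, secret):
    req_auth = os.urandom(16)                          # random Request Authenticator
    attrs = attr(1, strip_domain(user).encode())       # User-Name
    attrs += attr(2, hide_password(password, secret, req_auth))  # User-Password
    return struct.pack("!BBH", 1, ident, 20 + len(attrs)) + req_auth + attrs

def accounting_request(ident, user, secret):
    # RFC 2866: authenticator = MD5(code + id + length + 16 zero bytes + attrs + secret)
    attrs = attr(1, strip_domain(user).encode()) + attr(40, struct.pack("!I", 1))  # Start
    head = struct.pack("!BBH", 4, ident, 20 + len(attrs))
    return head + hashlib.md5(head + bytes(16) + attrs + secret).digest() + attrs

def accounting_valid(packet, secret):
    expected = hashlib.md5(packet[:4] + bytes(16) + packet[20:] + secret).digest()
    return hmac.compare_digest(expected, packet[4:20])

def parse_attrs(packet):
    attrs, i = {}, 20                                  # attributes follow the 20-byte header
    while i < len(packet):
        attrs[packet[i]] = packet[i + 2:i + packet[i + 1]]
        i += packet[i + 1]
    return attrs
```

Both mechanisms rest only on MD5 and the shared key, so a server configured with a different key recovers a garbled password or rejects the accounting packet, and production keys should be long random strings rather than short words like the sample values here.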