Configuring the AAA
and RADIUS Protocols
[SW7700-radius-radius1] key authentication name
7 Set the encryption key when the system exchanges packets with the accounting
RADIUS server.
[SW7700-radius-radius1] key accounting money
8 Set the timeouts and times for the system to retransmit packets to the RADIUS
server.
[SW7700-radius-radius1] timer 5
[SW7700-radius-radius1] retry 5
9 Set the interval for the system to transmit real-time accounting packets to the
RADIUS server.
[SW7700-radius-radius1] timer realtime-accounting 15
10 Configure the system to transmit the user name to the RADIUS server after
removing the domain name.
[SW7700-radius-radius1] user-name-format without-domain
[SW7700-radius-radius1] quit
11 Create the user domain 3com163.net and enters isp configuration mode.
[SW7700] domain 3com163.net
12 Specify radius1 as the RADIUS server group for the users in the domain
3com163.net.
[SW7700-isp-3com163.net] radius-scheme radius1
13 Set a limit of 30 users to the domain 3com163.net.
[SW7700-isp-3com163.net] access-limit enable 30
14 Enable idle cut function for the user and set the idle cut parameter in the domain
3com163.net.
[SW7700-isp-3com163.net] idle-cut enable 50 5000
15 Add a local supplicant and sets its parameter.
[SW7700] local-user localuser
[SW7700-user-localuser] attribute service-type lan-access
[SW7700-user-localuser] password simple localpass
16 Enable the 802.1x globally.
[SW7700] dot1x
The Authentication, Authorization and Accounting (AAA) protocol provides a
uniform framework for configuring these three security functions and implements
network security management.
The network security mentioned here refers to access control and it includes:
Which user can access the network server
■
Which service can the authorized user enjoy
■
How to keep accounts for the user who is using network resource
■
AAA provides the following services:
Authenticates whether the user can access the network server.
■
Configuring the AAA and RADIUS Protocols
185