Configuring The Aaa And Radius Protocols - 3Com 7700 Configuration Manual

Hide thumbs Also See for 7700:

Configuration manual (390 pages)

Installation manual (59 pages)

Datasheet (8 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

151

152

153

154

155

156

157

158

159

160

161

162

163

164

165

166

167

168

169

170

171

172

173

174

175

176

177

178

179

180

181

182

183

184

185

186

187

188

189

190

191

192

193

194

195

196

197

198

199

200

201

202

203

204

205

206

207

208

209

210

211

212

213

214

215

216

217

218

219

220

221

222

223

224

225

226

227

228

229

230

231

232

233

234

235

236

237

238

239

240

241

242

243

244

245

246

247

248

Table of Contents

Configuring the AAA

and RADIUS Protocols

[SW7700-radius-radius1] key authentication name

7 Set the encryption key when the system exchanges packets with the accounting

RADIUS server.

[SW7700-radius-radius1] key accounting money

8 Set the timeouts and times for the system to retransmit packets to the RADIUS

server.

[SW7700-radius-radius1] timer 5

[SW7700-radius-radius1] retry 5

9 Set the interval for the system to transmit real-time accounting packets to the

RADIUS server.

[SW7700-radius-radius1] timer realtime-accounting 15

10 Configure the system to transmit the user name to the RADIUS server after

removing the domain name.

[SW7700-radius-radius1] user-name-format without-domain

[SW7700-radius-radius1] quit

11 Create the user domain 3com163.net and enters isp configuration mode.

[SW7700] domain 3com163.net

12 Specify radius1 as the RADIUS server group for the users in the domain

3com163.net.

[SW7700-isp-3com163.net] radius-scheme radius1

13 Set a limit of 30 users to the domain 3com163.net.

[SW7700-isp-3com163.net] access-limit enable 30

14 Enable idle cut function for the user and set the idle cut parameter in the domain

3com163.net.

[SW7700-isp-3com163.net] idle-cut enable 50 5000

15 Add a local supplicant and sets its parameter.

[SW7700] local-user localuser

[SW7700-user-localuser] attribute service-type lan-access

[SW7700-user-localuser] password simple localpass

16 Enable the 802.1x globally.

[SW7700] dot1x

The Authentication, Authorization and Accounting (AAA) protocol provides a

uniform framework for configuring these three security functions and implements

network security management.

The network security mentioned here refers to access control and it includes:

Which user can access the network server

■

Which service can the authorized user enjoy

■

How to keep accounts for the user who is using network resource

■

AAA provides the following services:

Authenticates whether the user can access the network server.

■