802.1X Mandatory Authentication Domain Configuration Example - H3C S3100 Series Operation Manual

802.1X Mandatory Authentication Domain Configuration Example

Network Requirements
As shown in Figure
Internet through Ethernet 1/0/1 and Ethernet 1/0/2 on Switch, respectively. It is required to implement
RADIUS authentication and local authentication for Host A and Host B (that do not support usernames
with suffixes) by performing the following configurations on Switch:
Host A belongs to domain aabbcc and Host B belongs to domain test; configure test as the default
domain on Switch and specify aabbcc as the mandatory authentication domain for Ethernet 1/0/1.
Configure Switch to use the RADIUS server, with IP address 10.110.91.164, to provide
authentication, authorization and accounting services. Specify aabbcc as the shared key for
Switch to exchange packets with the RADIUS server.
Configure hello as both the username and password for local authentication of Host B.
Figure 1-13 Network diagram for configuring RADIUS authentication of the telnet user
Configuration Procedure
# Enable telnet services on Switch.
<Switch> system-view
[Switch] telnet server enable
# Create a local user named hello.
[Switch] local-user hello
[Switch-luser-hello] service-type telnet
[Switch-luser-hello] password simple hello
[Switch-luser-hello] quit
# Configure domain test as the default domain and perform local authentication for users of the domain.
[Switch] domain test
[Switch-isp-test] scheme local
[Switch-isp-test] quit
[Switch] domain default enable test
# Create a domain named aabbcc, and specify to use radius1 scheme to authenticate users of the
domain.
[Switch] domain aabbcc
1-13, Host A (an 802.1X user) and Host B (a telnet user) are connected to the
1-26