H3C S3100 Series Operation Manual page 482

Configure IP address pool 3, including the address range, lease and gateway address. A short lease is
recommended to shorten the time terminals use to re-acquire IP addresses after failing authentication
or being logged off.
[Switch] dhcp server ip-pool 3
[Switch-dhcp-pool-3] network 3.3.3.0 mask 255.255.255.0
[Switch-dhcp-pool-3] expired day 0 hour 0 minute 0 second 30
[Switch-dhcp-pool-3] gateway-list 3.3.3.1
[Switch-dhcp-pool-3] quit
2) Configure a RADIUS scheme
# Create a RADIUS scheme named rs1.
[Switch] radius scheme rs1
# Specify the server type for the RADIUS scheme, which must be extended when the CAMS server is
used.
[Switch-radius-rs1] server-type extended
# Specify the primary authentication and accounting servers and keys.
[Switch-radius-rs1] primary authentication 1.1.1.2
[Switch-radius-rs1] primary accounting 1.1.1.2
[Switch-radius-rs1] key authentication radius
[Switch-radius-rs1] key accounting radius
# Specify usernames sent to the RADIUS server to carry no domain names.
[Switch-radius-rs1] user-name-format without-domain
[Switch-radius-rs1] quit
3) Configure an ISP domain
# Create an ISP domain named triple.
[Switch] domain triple
# Configure the default AAA methods for all types of users in the domain.
[Switch-isp-triple] authentication radius-scheme rs1
[Switch-isp-triple] accounting radius-scheme rs1
[Switch-isp-triple] quit
# Configure domain triple as the default domain. If a username input by a user includes no ISP domain
name, the authentication scheme of the default domain is used.
[Switch] domain default enable triple
4) Configure MAC-VLAN function.
Configure the link type to hybrid of Ethernet 1/01/ and enable MAC-VLAN on this port.
[Switch] interface ethernet1/0/1
[Switch-Ethernet1/0/1] port link-type hybrid
[Switch-Ethernet1/0/1] mac-vlan enable
5) Configure MAC authentication
# Enable MAC authentication globally.
[Switch] mac-authentication
# Specify the ISP domain for MAC authentication.
[Switch] mac-authentication domain aabbcc.net
1-5