H3C S3100-52P Operation Manual page 387

Operation Manual – 802.1x and System Guard
H3C S3100-52P Ethernet switch
Note:
Following configuration covers the major AAA/RADIUS configuration commands. Refer
to AAA Operation for the information about these commands. Configuration on the
client and the RADIUS servers is omitted.
# Enable 802.1x globally.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] dot1x
# Enable 802.1x on Ethernet 1/0/1.
[Sysname] dot1x interface Ethernet 1/0/1
# Set the access control method to MAC-based (This operation can be omitted, as
MAC-based is the default).
[Sysname] dot1x port-method macbased interface Ethernet 1/0/1
# Create a RADIUS scheme named "radius1" and enter RADIUS scheme view.
[Sysname] radius scheme radius1
# Assign IP addresses to the primary authentication and accounting RADIUS servers.
[Sysname-radius-radius1] primary authentication 10.11.1.1
[Sysname-radius-radius1] primary accounting 10.11.1.2
# Assign IP addresses to the secondary authentication and accounting RADIUS server.
[Sysname-radius-radius1] secondary authentication 10.11.1.2
[Sysname-radius-radius1] secondary accounting 10.11.1.1
# Set the password for the switch and the authentication RADIUS servers to exchange
messages.
[Sysname-radius-radius1] key authentication name
# Set the password for the switch and the accounting RADIUS servers to exchange
messages.
[Sysname-radius-radius1] key accounting money
# Set the interval and the number of the retries for the switch to send packets to the
RADIUS servers.
[Sysname-radius-radius1] timer 5
[Sysname-radius-radius1] retry 5
# Set the timer for the switch to send real-time accounting packets to the RADIUS
servers.
[Sysname-radius-radius1] timer realtime-accounting 15
1-26
Chapter 1 802.1x Configuration