H3C S3100-52P Operation Manual page 453

Operation Manual – AAA
H3C S3100-52P Ethernet switch
A user is connected to Ethernet 1/0/1 on the switch.
The user adopts 802.1x client supporting EAD extended function.
You are required to configure the switch to use RADIUS server for remote user
authentication and use security policy server for EAD control on users.
The following are the configuration tasks:
Connect the RADIUS authentication server 10.110.91.164 and the switch, and
configure the switch to use port number 1812 to communicate with the server.
Configure the authentication server type to extended.
Configure the encryption password for exchanging messages between the switch
and RADIUS server to expert.
Configure the IP address 10.110.91.166 of the security policy server.
II. Network diagram
User
Security policy servers
10.110.91.166/16
Figure 3-2 EAD configuration
III. Configuration procedure
# Configure 802.1x on the switch. Refer to "Configuring 802.1x" in 802.1x and System
Guard Configuration.
# Configure a domain.
<Sysname> system-view
[Sysname] domain system
[Sysname-isp-system] quit
# Configure a RADIUS scheme.
[Sysname] radius scheme cams
[Sysname-radius-cams] primary authentication 10.110.91.164 1812
[Sysname-radius-cams] accounting optional
[Sysname-radius-cams] key authentication expert
Authentication servers
10.110.91.164/16
Eth1/0/1
Virus patch servers
10.110.91.168/16
Internet
3-3
Chapter 3 EAD Configuration