X Configuration Example - Huawei Quidway S3900 Series Operation Manual

Operation Manual – 802.1x
Quidway S3900 Series Ethernet Switches-Release 1510
Table 1-7 Display and debug 802.1x
Display the configuration,
session,
information about 802.1x
Clear
statistics information
1.7 Configuration Example

1.7.1 802.1x Configuration Example

I. Network requirements
Authenticate users on all ports to control their accesses to the Internet. The switch
operates in MAC address-based access control mode. The access control mode
is MAC-address-based.
All supplicant systems that pass the authentication belong to the default domain
named "aabbcc.net". The domain can accommodate up to 30 users. As for
authentication, a supplicant system is authenticated locally if the RADIUS server
fails. And as for accounting, a supplicant system is disconnected by force if the
RADIUS server fails. The name of an authenticated supplicant system is not
suffixed with the domain name. A connection is terminated if the total size of the
data passes through it during a period of 20 minutes is less than 2,000 bytes. All
connected clients belong to the same default domain: aabbcc.net, which
accommodates up to 30 clients. Authentication is performed either on the RADIUS
server, or locally ( in case that the RADIUS server fails to respond). A client is
disconnected in one of the following two situations: RADIUS accounting fails; the
connected user has not included the domain name in the username, and there is a
continuous below 2000 bytes of traffic for over 20 minutes.
The switch is connected to a server comprising of two RADIUS servers whose IP
addresses are 10.11.1.1 and 10.11.1.2. The RADIUS server with an IP address of
10.11.1.1 operates as the primary authentication server and the secondary
accounting server. The other operates as the secondary authentication server and
primary accounting server. The password for the switch and the authentication
RADIUS servers to exchange message is "name". And the password for the switch
and the accounting RADIUS servers to exchange message is "money". The switch
sends another packet to the RADIUS servers again if it sends a packet to the
RADIUS server and does not receive response for 5 seconds with a maximum
number of retries of 5. And the switch sends a real-time accounting packet to the
RADIUS servers once in every 15 minutes. A user name is sent to the RADIUS
Operation
display dot1x [ sessions
and statistics | statistics ] [ interface
interface-list ]
802.1x-related reset
[ interface interface-list ]
Huawei Technologies Proprietary
Command
dot1x statistics
1-19
Chapter 1 802.1x Configuration
Description
You can execute the
display command in any
view
You can execute the
reset command in user
view