Huawei Quidway S3900 Series Operation Manual page 532

Operation Manual – AAA & RADIUS & HWTACACS & EAD
Quidway S3900 Series Ethernet Switches-Release 1510
A user is connected to Ethernet1/0/1 of the switch
The user adopts 802.1X client supporting H3C extended function
By configuring the switch, user remote authentication is implemented through
RADIUS server and EAD control is achieved through security policy server.
The following are the configuration tasks:
Connect the authentication server (RADIUS server) and the switch. The IP
address of the server is 10.110.91.164, and the switch adopts the port with port
number 1812 to communicate with the authentication server.
Configure the authentication server type to huawei.
Configure the encryption password for exchanging messages between the switch
and RADIUS server to "expert".
Configure the IP address of the security policy server to 10.110.91.166.
II. Network diagram
User User User
Security policy server Security policy server Security policy server
(IP Address:10.110.91.166 ) (IP Address:10.110.91.166 ) (IP Address:10.110.91.166 )
Figure 2-2 EAD configuration example
III. Configuration procedure
# Configure 802.1X on the switch. Refer to the 802.1X module in Quidway S3900
Series Ethernet Switches Operation Manual for detailed description.
# Configure domain.
<Quidway> system-view
[Quidway] domain system
[Quidway-isp-system] quit
# Configure RADIUS scheme.
Ethernet 1/0/1 Ethernet 1/0/1 Ethernet 1/0/1
Huawei Technologies Proprietary
2-3
Chapter 2 EAD Configuration
Authentication server Authentication server Authentication server Authentication server
(IP Address 10.110.91.164 ) (IP Address 10.110.91.164 ) (IP Address 10.110.91.164 ) (IP Address 10.110.91.164 )
Internet Internet Internet Internet
Internet Internet Internet Internet
Virus patch server Virus patch server Virus patch server Virus patch server
(IP Address:10.110.91.168 ) (IP Address:10.110.91.168 ) (IP Address:10.110.91.168 ) (IP Address:10.110.91.168 )