Ead Configuration Example - H3C S7500 Series Operation Manual

Operation Manual – AAA & RADIUS & HWTACACS & EAD
H3C S7500 Series Ethernet Switches

2.4 EAD Configuration Example

I. Network requirements
As shown in
A user's workstation is connected to Ethernet 2/0/1 of the switch.
The user's workstation adopts 802.1X client supporting EAD extended function.
By configuring the switch, user remote authentication is implemented through
RADIUS server and EAD control is achieved through security policy server.
The following are the configuration tasks:
Connect the RADIUS authentication server to the switch. The IP address of the
server is 10.110.91.164, and the switch adopts port 1812 to communicate with the
authentication server.
Configure the authentication server type as extended.
Configure the encryption password for exchanging messages between the switch
and RADIUS server as expert.
Configure the IP address of the security policy server as 10.110.91.166.
II. Network diagram
Ethernet 2 /0/1
User
Security Policy Servers
10.110.91.166
Figure 2-3 EAD configuration exampl
III. Configuration procedure
# Configure 802.1X on the switch. Refer to the 802.1X module in H3C S7500 Series
Ethernet Switches Operation Manual for detailed description.
# Configure a domain.
<H3C> system-view
[H3C] domain system
[H3C-isp-system] quit
Figure 2-3:
Authentication Serv ers
10 .110 .91.164
Virus Patc h Servers
10.110.91. 168
Internet
e
2-4
Chapter 2 EAD Configuration