IEEE 802.1x 273
The user name of the local 802.1x access user is localuser and the password is
localpass (input in plain text). The idle cut function is enabled.
Figure 2 Enabling 802.1x and RADIUS to Perform AAA on the Requester
The following examples concern most of the AAA/RADIUS configuration
commands. The configurations for accessing user workstation and the RADIUS
server are omitted.
1 Enable the 802.1x performance on the specified port GigabitEthernet1/1/2.
[SW8800]dot1x interface GigabitEthernet1/1/2
2 Set the access control mode. (This command could not be configured, when it is
configured as MAC-based by default.)
[SW8800]dot1x port-method macbased interface GigabitEthernet1/1/2
3 Create the RADIUS group radius1 and enters its configuration mode.
[SW8800]radius scheme radius1
4 Set the IP address of the primary authentication/accounting RADIUS servers.
[SW8800-radius-radius1]primary authentication 10.11.1.1 1812
[SW8800-radius-radius1]primary accounting 10.11.1.1 1813
5 Set the IP address of the second authentication/accounting RADIUS servers.
[SW8800-radius-radius1]secondary authentication 10.11.1.2 1812
[SW8800-radius-radius1]secondary accounting 10.11.1.2 1813
6 Set the encryption key when the system exchanges packets with the
authentication RADIUS server.
[SW8800-radius-radius1]key authentication a123456789
7 Set the encryption key when the system exchanges packets with the accounting
RADIUS server.
[SW8800-radius-radius1]key accounting m123456789
8 Set the timeouts and times for the system to retransmit packets to the RADIUS
server.
[SW8800-radius-radius1]timer 5
[SW8800-radius-radius1]retry 5
9 Set the interval for the system to transmit real-time accounting packets to the
RADIUS server.
Internet
Authentication servers
(RADIUS server cluster
IP address: 10.11.1.1,
10.11.1.2)
Requestor
E1/1/2
Switch
Authenticator