3Com 3.01.01 Switch User Manual


 
IEEE 802.1x 273
The user name of the local 802.1x access user is localuser and the password is
localpass (input in plain text). The idle cut function is enabled.
Figure 2 Enabling 802.1x and RADIUS to Perform AAA on the Requester
The following examples concern most of the AAA/RADIUS configuration
commands. The configurations for accessing user workstation and the RADIUS
server are omitted.
1 Enable the 802.1x performance on the specified port GigabitEthernet1/1/2.
[SW8800]dot1x interface GigabitEthernet1/1/2
2 Set the access control mode. (This command could not be configured, when it is
configured as MAC-based by default.)
[SW8800]dot1x port-method macbased interface GigabitEthernet1/1/2
3 Create the RADIUS group radius1 and enters its configuration mode.
[SW8800]radius scheme radius1
4 Set the IP address of the primary authentication/accounting RADIUS servers.
[SW8800-radius-radius1]primary authentication 10.11.1.1 1812
[SW8800-radius-radius1]primary accounting 10.11.1.1 1813
5 Set the IP address of the second authentication/accounting RADIUS servers.
[SW8800-radius-radius1]secondary authentication 10.11.1.2 1812
[SW8800-radius-radius1]secondary accounting 10.11.1.2 1813
6 Set the encryption key when the system exchanges packets with the
authentication RADIUS server.
[SW8800-radius-radius1]key authentication a123456789
7 Set the encryption key when the system exchanges packets with the accounting
RADIUS server.
[SW8800-radius-radius1]key accounting m123456789
8 Set the timeouts and times for the system to retransmit packets to the RADIUS
server.
[SW8800-radius-radius1]timer 5
[SW8800-radius-radius1]retry 5
9 Set the interval for the system to transmit real-time accounting packets to the
RADIUS server.
Internet
Authentication servers
(RADIUS server cluster
IP address: 10.11.1.1,
10.11.1.2)
Requestor
E1/1/2
Switch
Authenticator