Operation Manual – 802.1x-System GuardH3C S3100 Series Ethernet Switches Chapter 1 802.1x Configuration1-231.6 Configuration Example1.6.1 802.1x Configuration ExampleI. Network requirementsz Authenticate users on all ports to control their accesses to the Internet. The switchoperates in MAC address-based access control mode.z All supplicant systems that pass the authentication belong to the default domainnamed “aabbcc.net”. The domain can accommodate up to 30 users. As forauthentication, a supplicant system is authenticated locally if the RADIUS serverfails. And as for accounting, a supplicant system is disconnected by force if theRADIUS server fails. The name of an authenticated supplicant system is notsuffixed with the domain name. A connection is terminated if the total size of thedata passes through it during a period of 20 minutes is less than 2,000 bytes.z The switch is connected to a server comprising of two RADIUS servers whose IPaddresses are 10.11.1.1 and 10.11.1.2. The RADIUS server with an IP address of10.11.1.1 operates as the primary authentication server and the secondaryaccounting server. The other operates as the secondary authentication server andprimary accounting server. The password for the switch and the authenticationRADIUS servers to exchange message is “name”. And the password for theswitch and the accounting RADIUS servers to exchange message is “money”. Theswitch sends another packet to the RADIUS servers again if it sends a packet tothe RADIUS server and does not receive response for 5 seconds, with themaximum number of retries of 5. And the switch sends a real-time accountingpacket to the RADIUS servers once in every 15 minutes. A user name is sent tothe RADIUS servers with the domain name truncated.z The user name and password for local 802.1x authentication are “localuser” and“localpass” (in plain text) respectively. The idle disconnecting function is enabled.II. Network diagramIP networkSupplicant AuthenticatorEthernet 1/0/1Authentication Servers(IP Address:10.11.1.110.11.1.2)SwitchFigure 1-12 Network diagram for AAA configuration with 802.1x and RADIUS enabled
