Installation manual
Operation Manual - Security
Quidway S3000-EI Series Ethernet Switches Chapter 1
802.1x Configuration
Huawei Technologies Proprietary
1-17
rimary authentication/accounting RADIUS servers.
servers.
the authentication
# Set the encryption key when the system exchanges packets with the accounting
[Quidway-radius-radius1] key accounting money
for the system to retransmit packets to the RADIUS
rver.
[Quidway-radius-radius1] timer 5
adius-radius1] retry 5
# Configure the system to transmit the user name to the RADIUS server after removing
e domain name.
huawei163.net.
# Enable the 802.1x performance on the specified port Ethernet 0/1.
[Quidway] dot1x interface Ethernet 0/1
# Set the access control mode. (This command could not be configured, when it is
configured as MAC-based by default.)
[Quidway] dot1x port-method macbased interface Ethernet 0/1
# Create the RADIUS scheme radius1 and enters its view.
[Quidway] radius scheme radius1
# Set IP address of the p
[Quidway-radius-radius1] primary authentication 10.11.1.1
[Quidway-radius-radius1] primary accounting 10.11.1.2
# Set the IP address of the second authentication/accounting RADIUS
[Quidway-radius-radius1] secondary authentication 127.0.0.1 1645
[Quidway-radius-radius1] secondary accounting 10.11.1.1
[Quidway-radius-radius1] quit
# Set the encryption key when the system exchanges packets with
RADIUS server.
[Quidway] local-server nas-ip 127.0.0.1 key name
[Quidway] radius scheme radius1
[Quidway-radius-radius1] key authentication name
RADIUS server.
# Set the timeouts and times
se
[Quidway-r
# Set the interval for the system to transmit real-time accounting packets to the
RADIUS server.
[Quidway-radius-radius1] timer realtime-accounting 15
th
[Quidway-radius-radius1] user-name-format without-domain
[Quidway-radius-radius1] quit
# Create the user domain huawei163.net and enters isp configuration mode.
[Quidway] domain huawei163.net
# Specify radius1 as the RADIUS scheme for the users in the domain
[Quidway-isp-huawei163.net] radius-scheme radius1