363
Configuration examples
MAC-based 802.1X configuration example
Network requirements
As shown in Figure 330, the access device performs 802.1X authentication for users that connect to port
GigabitEthernet 1/0/1. Implement MAC-based access control on the port, so the logoff of one user does
not affect other online 802.1X users. Enable periodic re-authentication of online users on the port, so that
the server can periodically update the authorization information of the users.
Use RADIUS servers to perform authentication, authorization, and accounting for the 802.1X users. If
RADIUS accounting fails, the access device logs the user off. The RADIUS servers run CAMS or IMC.
Configure the host at 10.1.1.1 as the primary authentication and secondary accounting servers, and the
host at 10.1.1.2 as the secondary authentication and primary accounting servers. Assign all users to the
ISP domain test.
Configure the shared key as name for packets between the access device and the authentication server,
and the shared key as money for packets between the access device and the accounting server.
Exclude the ISP domain name from the username sent to the RADIUS servers.
Specify the device to try up to 5 times at an interval of 5 seconds in transmitting a packet to the RADIUS
server until it receives a response from the server, and to send real time accounting packets to the
accounting server every 15 minutes.
Figure 330 Network diagram
Configuring IP addresses
# Assign an IP address to each interface as shown in Figure 330. Make sure the supplicant, switch, and
servers can reach each other. (Details not shown.)
Configuring the RADIUS server
For more information about the RADIUS configuration, see "Configuring RADIUS."
Configuring 802.1X on the switch
1. Configure 802.1X globally:
a. From the navigation tree, select Authentication > 802.1X.
b. Select the Enable 802.1X box, select the authentication method as CHAP, and click Apply.
To Next Page
Loading...
Need help?
General