H3C S7500 Series Ethernet Switches Operation Manual

Operation Manual – 802.1x
Chapter 1 802.1x Configuration
Table 1-7 Display and debug 802.1x

| To do... | Use the command... | Remarks |
|---|---|---|
| Display the configuration, health, and statistics about 802.1x | display dot1x [ sessions \| statistics ] [ interface interface-list ] | In any view |
| Clear 802.1x-related statistics information | reset dot1x statistics [ interface interface-list ] | In user view |

1.7 Configuration Example
1.7.1 802.1x Configuration Example
I. Network requirements
- Supplicant systems are authenticated on all ports to control their access to the
  Internet. The switch operates in MAC address-based access control mode.
- All supplicant systems that pass the authentication belong to the default domain
  named aabbcc.net. The domain can accommodate up to 30 users. For
  authentication, a supplicant system is authenticated locally if the RADIUS server
  fails. For accounting, a supplicant system is disconnected if the RADIUS server
  fails. The name of an authenticated supplicant system is not suffixed with the
  domain name. The switch will tear down the connection to the supplicant system if
  the traffic is less than 2,000 bytes within 20 minutes.
- The switch is connected to a server group composed of two RADIUS servers
  whose IP addresses are 10.11.1.1 and 10.11.1.2 respectively. The RADIUS
  server with the IP address 10.11.1.1 operates as the primary authentication
  server and the secondary accounting server. The other operates as the secondary
  authentication server and the primary accounting server. The password for the
  switch and the authentication RADIUS servers to exchange messages is name,
  and the password for the switch and the accounting RADIUS servers to exchange
  messages is money. When the switch sends a packet to the RADIUS server but
  does not receive any response within 5 seconds, it sends the packet to the RADIUS
  servers again, for a maximum of 5 retries. The switch sends a real-time
  accounting packet to the RADIUS servers once every 15 minutes. A user name
  is sent to the RADIUS servers with the domain name truncated.
- The user name and password for local 802.1x authentication are localuser and
  localpass (in plain text) respectively. The idle disconnecting function is enabled.
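
An added example, not part of the original manual: a small Python check that compares a switch configuration against the RADIUS and domain values listed in the requirements above, and flags the credential settings a reviewer would question (short shared keys, a local password kept in plain text). The Comware-style command lines in the sample, the scheme name radius1 and the 16-character minimum for shared keys are assumptions made for this example.

```python
# Constructed sample in assumed Comware-style syntax; "radius1" is a hypothetical
# scheme name. "retry 3" deviates from the stated requirement on purpose.
SAMPLE = """\
radius scheme radius1
 primary authentication 10.11.1.1
 primary accounting 10.11.1.2
 secondary authentication 10.11.1.2
 secondary accounting 10.11.1.1
 key authentication name
 key accounting money
 timer 5
 retry 3
 timer realtime-accounting 15
domain aabbcc.net
 scheme radius-scheme radius1 local
 access-limit enable 30
 idle-cut enable 20 2000
local-user localuser
 password simple localpass
"""
# Settings the requirements above call for, keyed by view-name prefix.
REQUIRED = {
    "radius scheme": ["primary authentication 10.11.1.1", "secondary authentication 10.11.1.2",
                      "primary accounting 10.11.1.2", "secondary accounting 10.11.1.1",
                      "timer 5", "retry 5", "timer realtime-accounting 15"],
    "domain aabbcc.net": ["access-limit enable 30", "idle-cut enable 20 2000"],
}
def parse(text):  # group indented lines under the unindented view line before them
    views = {}
    for raw in text.splitlines():
        if raw.strip() and not raw.startswith(" "):
            views[raw.strip()] = current = []
        elif raw.strip() and views:
            current.append(raw.strip())
    return views

def audit(text, min_secret=16):  # min_secret is an assumed policy threshold
    views, findings = parse(text), []
    for prefix, wanted in REQUIRED.items():
        have = [l for v, ls in views.items() if v.startswith(prefix) for l in ls]
        findings += [f"missing: {prefix}: {w}" for w in wanted if w not in have]
    for view, lines in views.items():
        for line in lines:
            words = line.split()
            if words[0] == "key" and len(words[-1]) < min_secret:
                findings.append(f"short shared secret: {view}: key {words[1]}")
            if words[:2] == ["password", "simple"]:
                findings.append(f"plaintext password: {view}")
    return findings
```

Calling audit(SAMPLE) returns one finding per deviation or weakness; the findings name the view and key type but never echo the secret itself.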