Manuals / Brands / Computer Equipment / Switch / 3Com / Computer Equipment / Switch

3Com 10014298 Implementing the AAA and RADIUS Protocols

1 294

Download 294 pages, 3.73 Mb

Implementing the AAA and RADIUS Protocols 215

[SW7750-radius-radius1]primary authentication 10.11.1.1

[SW7750-radius-radius1]primary accounting 10.11.1.2

5Set the IP address of the second authentication/accounting RADIUS servers.

[SW7750-radius-radius1]secondary authentication 10.11.1.2

[SW7750-radius-radius1]secondary accounting 10.11.1.1

6Set the encryption key when the system exchanges packets with the

authentication RADIUS server.

[SW7750-radius-radius1]key authentication name

7Set the encryption key when the system exchanges packets with the accounting

RADIUS server.

[SW7750-radius-radius1]key accounting money

8Set the timeouts and times for the system to retransmit packets to the RADIUS

server.

[SW7750-radius-radius1]timer 5

[SW7750-radius-radius1]retry 5

9Set the interval for the system to transmit real-time accounting packets to the

RADIUS server.

[SW7750-radius-radius1]timer realtime-accounting 15

10 Configure the system to transmit the user name to the RADIUS server after

removing the domain name.

[SW7750-radius-radius1]user-name-format without-domain

[SW7750-radius-radius1]quit

11 Create the user domain 3com163.net and enters isp configuration mode.

[SW7750]domain 3com163.net

12 Specify radius1 as the RADIUS server group for the users in the domain

3com163.net.

[SW7750-isp-3com163.net]radius-scheme radius1

13 Set a limit of 30 users to the domain 3com163.net.

[SW7750-isp-3com163.net]access-limit enable 30

14 Enable idle cut function for the user and set the idle cut parameter in the domain

3com163.net.

[SW7750-isp-3com163.net]idle-cut enable 50 5000

15 Add a local supplicant and set its parameter.

[SW7750]local-user localuser

[SW7750-luser-localuser]attribute service-type lan-access

[SW7750-luser-localuser]password simple localpass

16 Enable the 802.1x globally.

[SW7750]dot1x

Implementing the AAA and RADIUS Protocols

The Authentication, Authorization, and Accounting (AAA) protocol provides a

uniform framework for configuring these three security functions and implements

network security management.

Contents

Main 3Com Corporation 350 Campus Drive Marlborough, MA 01752-3064 C ABOUT THIS GUIDE S YSTEM A PORT CONFIGURATION VLAN C IP ROUTING PROTOCOL OPERATION M ULTICAST P QOS/ OPERATION STP O AAA AND RADIUS OPERATION SYSTEM MANAGEMENT Page Page ABOUT THIS GUIDE This guide describes the 3Com Switch 7750 and how to configure it in version 3.0 of the software. Tabl e 2 lists the text conventions used in this book. Conventions Tabl e 1 Notice Icons Table 2 Text Conventions 1 Product Overview Configuring the Switch 7750 Figure 1 Setting Up the Local Configuration Environment Through the Console Port Table 3 Function Features (continued) Page Page Page Ethernet Page Page Page Page Page Page Page Page Page Page Page Command Line Interface Page Tabl e 20 Function Feature of Command View Page Page Tabl e 23 Editing Functions Tabl e 24 Display Functions Table 22 Retrieve History Command Page 2 Ethernet Port Overview Page Page Page Page Page Page Configuring Link Aggregation Page Page Page Page Page Page Perform the following configuration in Ethernet port view. Tabl e 44 Configure Port Priority Tabl e 45 Display and Debug Link Aggregation Page Page Page 3 VLAN Overview Configuring VLANs Page Page Page Page Page Page 3Configure the protocol VLAN on port G1/0/1 Configuring GARP/GVRP Page Page Page Page Page 4 Configuring IP Address Page Page Configuring Address Resolution Protocol (ARP) Page DHCP Relay Page Page Page Page IP Performance Page Page Page 5 IP Routing Protocol Overview Page Page Static Routes Page Page Page Page RIP Page Page Page Page Page Page Page Page Page IP Routing Policy Page Page Page Page Page Route Capacity Page Page Page 6 IP Multicast Overview Page Page Page Page Configuring Common Multicast Page Configuring IGMP Page Page Page Page Page Page Page IGMP Snooping Page Page Page Page Page Configuring PIM-DM Page Page Page Page Figure 33 PIM-DM Configuration Networking 2Enable PIM-DM. Table 144 Displaying and Debugging PIM-DM Configuring PIM-SM Page Page Page Page Page Page Page Execute the debugging command in user view to debug PIM-SM. Figure 35 PIM-SM Configuration Networking Configure Switch A 1Enable PIM-SM. Tabl e 157 Display and Debug PIM-SM Configure Switch B 1Enable PIM-SM. 2Configure the C-BSR. 3Configure the C-RP. 4Configure PIM domain border. GMRP Page Page 7 ACL Overview Page Configuring ACLs Page Page Page ACL Configuration Examples Page Configuring QoS Page Page Page Page Page Page Page Page Page Tabl e 183 Configuring Traffic Statistics Tabl e 184 Display and Debug QoS Page Page Page Page Page Page Page Configuring ACL Control Page Page Page Page Page 8 STP Overview Configuring STP Page Page Page Page MSTP Overview Page Page Configuring MSTP Page Page Page Page Page Page Page Page Page Perform the following configuration in system view. By default, the switch calculates the default Path Cost of a port by the IEEE 802.1t standard. Tabl e 204 Specifying the Standard To Be Followed in Path Cost Calculation Tabl e 205 Cost Corresponding to the Port Speed of Different Standard Page Page Page Page Page Digest Snooping Page 9 IEEE 802.1x Page Page Page Page Page Page Page Implementing the AAA and RADIUS Protocols Page Configuring AAA Page Page Configuring the RADIUS Protocol Page Page Page Page Page Page Page Page Page Configuring HWTACACS Page Page Page Page Page Page The real-time accounting interval defaults to 12 minutes. Displaying and Debugging the AAA, RADIUS, and HWTACACS Protocols Table 255 Numbers of users and the recommended intervals Tabl e 256 Displaying and Debugging AAA and RADIUS/HWTACACS Protocol AAA, RADIUS, and HWTACACS Protocol Configuration Examples Page Page Troubleshooting AAA, RADIUS, and HWTACACS Configurations Page 11 File System Page Page Page Page Page Managing the MAC Address Table Page Page Page Managing Devices Page Maintaining and Debugging the System Page Page Page Page Page Page The system assigns a channel in each output direction by default. See Tabl e 293. Tabl e 293 Numbers and Names of the Channels for Log Output Tabl e 294 Syslog-Defined Severity Table 292 Log Output (continued) Page Page SNMP Page Page Page Page Page Page Tabl e 310 Enable/Disable Transmission of Trap Information Tabl e 311 Disabling SNMP Agent Tabl e 312 Displaying and Debugging SNMP Page RMON Page Page Page NTP Page Page Page Page Page Page Page Page After the synchronization, SW77502 turns into the following status: