1-21
a real-time accounting packet to the RADIUS servers once in every 15 minutes. A user name is
sent to the RADIUS servers with the domain name truncated.
z The user name and password for local 802.1x authentication are “localuser” and “localpass” (in
plain text) respectively. The idle disconnecting function is enabled.
Network diagram
Figure 1-12 Network diagram for AAA configuration with 802.1x and RADIUS enabled
Configuration procedure
Following configuration covers the major AAA/RADIUS configuration commands. Refer to AAA
Operation for the information about these commands. Configuration on the client and the RADIUS
servers is omitted.
# Enable 802.1x globally.
<Sysname> system-view
System View: return to User View with Ctrl+Z.
[Sysname] dot1x
# Enable 802.1x on Ethernet 1/0/1.
[Sysname] dot1x interface Ethernet 1/0/1
# Set the access control method to MAC-based (This operation can be omitted, as MAC-based is the
default).
[Sysname] dot1x port-method macbased interface Ethernet 1/0/1
# Create a RADIUS scheme named “radius1” and enter RADIUS scheme view.
[Sysname] radius scheme radius1
# Assign IP addresses to the primary authentication and accounting RADIUS servers.
[Sysname-radius-radius1] primary authentication 10.11.1.1
[Sysname-radius-radius1] primary accounting 10.11.1.2
# Assign IP addresses to the secondary authentication and accounting RADIUS server.