3-26
z You are required to configure the switch to use RADIUS server for remote user authentication and
use security policy server for EAD control on users.
The following are the configuration tasks:
z Connect the RADIUS authentication server 10.110.91.164 and the switch, and configure the switch
to use port number 1812 to communicate with the server.
z Configure the authentication server type to extended.
z Configure the encryption password for exchanging messages between the switch and RADIUS
server to expert.
z Configure the IP address 10.110.91.166 of the security policy server.
Network diagram
Figure 3-2 EAD configuration
Eth1/0/1 Internet
User
Security policy servers
10.110.91.166/16
Virus patch servers
10.110.91.168/16
Authentication servers
10.110.91.164/16
Configuration procedure
# Configure 802.1x on the switch. Refer to “Configuring 802.1x” in 802.1x and System Guard
Configuration.
# Configure a domain.
<Sysname> system-view
[Sysname] domain system
[Sysname-isp-system] quit
# Configure a RADIUS scheme.
[Sysname] radius scheme cams
[Sysname-radius-cams] primary authentication 10.110.91.164 1812
[Sysname-radius-cams] accounting optional
[Sysname-radius-cams] key authentication expert
[Sysname-radius-cams] server-type extended
# Configure the IP address of the security policy server.
[Sysname-radius-cams] security-policy-server 10.110.91.166
# Associate the domain with the RADIUS scheme.
[Sysname-radius-cams] quit
[Sysname] domain system