∙All users belong to default domain test. RADIUS authentication is performed. If RADIUS accounting fails, the switch gets the corresponding user offline. The RADIUS servers run iMC.
∙A server group with two RADIUS servers is connected to the switch. The IP addresses of the servers are 10.1.1.1 and 10.1.1.2 respectively. Use the former as the primary authentication/secondary accounting server, and the latter as the secondary authentication/primary accounting server.
∙Set the shared key for the device to exchange packets with the authentication server as name, and that for the device to exchange packets with the accounting server as money.
∙Specify the device to try up to five times at an interval of 5 seconds in transmitting a packet to the RADIUS server until it receives a response from the server, and to send real time accounting packets to the accounting server every 15 minutes.
∙Specify the device to remove the domain name from the username before passing the username to the RADIUS server.
a.Network diagram for 802.1X configuration
Configuration procedure
NOTE:
The following configuration procedure involves RADIUS client configuration for the switch, while configurations on the RADIUS servers are omitted. For information about RADIUS configuration, see chapter "RADIUS configuration."
Table 113 Configure the IP addresses of the interfaces. (omitted) Table 114 Configure 802.1X.
# Enable 802.1X globally.
∙From the navigation tree, select Authentication 802.1X to enter the 802.1X configuration page.
335