3Com 2928 User Guide - Page 369

Configuration Examples 802.1X Configuration Example Network requirements As shown in Figure 1-12: z It is required to perform 802.1X authentication on port GigabitEthernet 1/0/1 to control user access to the Internet, configure the access control method as MAC address based on the port, and enable periodic re-authentication of online users on the port, so that the server can periodically update the authorization information of the users. z All users belong to default domain test. RADIUS authentication is performed. If RADIUS accounting fails, the switch gets the corresponding user offline. The RADIUS servers run iMC. z A server group with two RADIUS servers is connected to the switch. The IP addresses of the servers are 10.1.1.1 and 10.1.1.2 respectively. Use the former as the primary authentication/secondary accounting server, and the latter as the secondary authentication/primary accounting server. z Set the shared key for the device to exchange packets with the authentication server as name, and that for the device to exchange packets with the accounting server as money. z Specify the device to try up to five times at an interval of 5 seconds in transmitting a packet to the RADIUS server until it receives a response from the server, and to send real time accounting packets to the accounting server every 15 minutes. z Specify the device to remove the domain name from the username before passing the username to the RADIUS server. Figure 1-12 Network diagram for 802.1X configuration Configuration procedure The following configuration procedure involves RADIUS client configuration for the switch, while configurations on the RADIUS servers are omitted. For information about RADIUS configuration, refer to RADIUS Configuration. 1) Configure the IP addresses of the interfaces. (omitted) 2) Configure 802.1X # Enable 802.1X globally. z From the navigation tree, select Authentication > 802.1X to enter the 802.1X configuration page. 1-14