3com 2928 User Guide

 

1-14 

As shown in 

z

 

It is required to perform 802.1X authentication on port GigabitEthernet 1/0/1 to control user access 
to the Internet, configure the access control method as MAC address based on the port, and 
enable periodic re-authentication of online users on the port, so that the server can periodically 
update the authorization information of the users. 

z

 

All users belong to default domain test. RADIUS authentication is performed. If RADIUS 
accounting fails, the switch gets the corresponding user offline. The RADIUS servers run iMC. 

z

 

A server group with two RADIUS servers is connected to the switch. The IP addresses of the 
servers are 10.1.1.1 and 10.1.1.2 respectively. Use the former as the primary 
authentication/secondary accounting server, and the latter as the secondary 
authentication/primary accounting server. 

z

 

Set the shared key for the device to exchange packets with the authentication server as name, and 
that for the device to exchange packets with the accounting server as money. 

z

 

Specify the device to try up to five times at an interval of 5 seconds in transmitting a packet to the 
RADIUS server until it receives a response from the server, and to send real time accounting 
packets to the accounting server every 15 minutes. 

z

 

Specify the device to remove the domain name from the username before passing the username to 
the RADIUS server. 

Network diagram for 802.1X configuration  

 

 

 

The following configuration procedure involves RADIUS client configuration for the switch, while 
configurations on the RADIUS servers are omitted. For information about RADIUS configuration, refer 
to RADIUS Configuration. 

 
1)  Configure the IP addresses of the interfaces. (omitted) 
2) Configure 

802.1X 

# Enable 802.1X globally. 

z

 

From the navigation tree, select Authentication > 802.1X to enter the 802.1X configuration page.