3com DUA1750-2BAA01 Manual De Usuario
3Com Switch 8800 Configuration Guide
Chapter 39 802.1x Configuration
39-12
Enable the error/event/packet/all
debugging of 802.1x
debugging of 802.1x
debugging dot1x
{ error | event |
packet
| all }
Disable the error/event/packet/all
debugging of 802.1x.
debugging of 802.1x.
undo debugging dot1x
{ error | event |
packet
| all }
39.4 802.1x Configuration Example
I. Network requirements
As shown in Figure 39-2, the workstation of a user is connected to the port Ethernet
3/1/1 of the Switch.
3/1/1 of the Switch.
The switch administrator will enable 802.1x on all the ports to authenticate the
supplicants so as to control their access to the Internet. The access control mode is
configured as based on the MAC address
supplicants so as to control their access to the Internet. The access control mode is
configured as based on the MAC address
All the supplicants belong to the default domain 3Com163.net, which can contain up to
30 users. RADIUS authentication is performed first. If there is no response from the
RADIUS server, local authentication will be performed. For accounting, if the RADIUS
server fails to account, the user will be disconnected. In addition, when the user is
accessed, the domain name does not follow the user name. Normally, if the user’s
traffic is less than 2000 Byte/s consistently over 20 minutes, he will be disconnected.
30 users. RADIUS authentication is performed first. If there is no response from the
RADIUS server, local authentication will be performed. For accounting, if the RADIUS
server fails to account, the user will be disconnected. In addition, when the user is
accessed, the domain name does not follow the user name. Normally, if the user’s
traffic is less than 2000 Byte/s consistently over 20 minutes, he will be disconnected.
A server group, consisting of two RADIUS servers at 10.11.1.1 and 10.11.1.2
respectively, is connected to the switch. The former one acts as the
primary-authentication/secondary-accounting server. The latter one acts as the
secondary-authentication/primary-accounting server. Set the encryption key as “name”
when the system exchanges packets with the authentication RADIUS server and
“money” when the system exchanges packets with the accounting RADIUS server.
Configure the system to retransmit packets to the RADIUS server if no response
received in 5 seconds. Retransmit the packet no more than 5 times in all. Configure the
system to transmit a real-time accounting packet to the RADIUS server every 15
minutes. The system is instructed to transmit the user name to the RADIUS server after
removing the user domain name from the user name.
respectively, is connected to the switch. The former one acts as the
primary-authentication/secondary-accounting server. The latter one acts as the
secondary-authentication/primary-accounting server. Set the encryption key as “name”
when the system exchanges packets with the authentication RADIUS server and
“money” when the system exchanges packets with the accounting RADIUS server.
Configure the system to retransmit packets to the RADIUS server if no response
received in 5 seconds. Retransmit the packet no more than 5 times in all. Configure the
system to transmit a real-time accounting packet to the RADIUS server every 15
minutes. The system is instructed to transmit the user name to the RADIUS server after
removing the user domain name from the user name.
The user name of the local 802.1x access user is localuser and the password is
localpass (input in plain text). The idle cut function is enabled.
localpass (input in plain text). The idle cut function is enabled.