3com S7906E 安装指导
1-22
z
Set the shared key for the device to exchange packets with the authentication server as name, and
that for the device to exchange packets with the accounting server as money.
z
Specify the device to try up to five times at an interval of 5 seconds in transmitting a packet to the
RADIUS server until it receives a response from the server, and to send real time accounting
packets to the accounting server every 15 minutes.
z
Specify the device to remove the domain name from the username before passing the username to
the RADIUS server.
z
Set the username of the 802.1X user as localuser and the password as localpass and specify to
use clear text mode. Enable the idle cut function to get the user offline whenever the user remains
idle for over 20 minutes.
Figure 1-10 Network diagram for 802.1X configuration
Configuration procedure
The following configuration procedure covers most AAA/RADIUS configuration commands for the
device, while configuration on the 802.1X client and RADIUS server are omitted. For information about
AAA/RADIUS configuration commands, refer to AAA Configuration in the Security Volume.
# Configure the IP addresses for each interface. (Omitted)
# Add local access user localuser, enable the idle cut function, and set the idle cut interval.
<Device> system-view
[Device] local-user localuser
[Device-luser-localuser] service-type lan-access
[Device-luser-localuser] password simple localpass
[Device-luser-localuser] attribute idle-cut 20
[Device-luser-localuser] quit
# Create RADIUS scheme radius1 and enter its view.
[Device] radius scheme radius1
# Configure the IP addresses of the primary authentication and accounting RADIUS servers.
[Device-radius-radius1] primary authentication 10.1.1.1