3com S7906E 安装指导
1-14
z
All users use the default authentication, authorization, and accounting methods of ISP domain sun,
which can accommodate up to 30 users.
z
The RADIUS server response timeout time is five seconds and the maximum number of RADIUS
packet retransmission attempts is five. The switch sends real-time accounting packets to the
RADIUS server at an interval of 15 minutes, and sends user names without domain names to the
RADIUS server.
Restrict port GigabitEthernet 2/0/1 of the switch as follows:
z
Allow only one 802.1X user to be authenticated.
z
Allow up to 16 OUI values to be configured and allow one additional user whose MAC address has
an OUI among the configured ones to access the port.
Figure 1-2 Network diagram for configuring the userLoginWithOUI mode
Configuration procedure
z
The following configuration steps cover some AAA/RADIUS configuration commands. For details
about the commands, refer to AAA Configuration in the Security Volume.
z
Configurations on the host and RADIUS servers are omitted.
1) Configure the RADIUS protocol
# Configure a RADIUS scheme named radsun.
<Switch> system-view
[Switch] radius scheme radsun
[Switch-radius-radsun] primary authentication 192.168.1.2
[Switch-radius-radsun] primary accounting 192.168.1.3
[Switch-radius-radsun] secondary authentication 192.168.1.3
[Switch-radius-radsun] secondary accounting 192.168.1.2
[Switch-radius-radsun] key authentication name
[Switch-radius-radsun] key accounting money
[Switch-radius-radsun] timer response-timeout 5
[Switch-radius-radsun] retry 5
[Switch-radius-radsun] timer realtime-accounting 15
[Switch-radius-radsun] user-name-format without-domain
[Switch-radius-radsun] quit