Operation Manual – 802.1x-HABP-MAC Authentication
H3C S3610&S5510 Series Ethernet Switches
Chapter 1 802.1x Configuration
1-20
<Sysname> system-view
[Sysname] local-user localuser
[Sysname-luser-localuser] service-type lan-access
[Sysname-luser-localuser] password simple localpass
[Sysname-luser-localuser] attribute idle-cut 20
[Sysname-luser-localuser] quit
# Create RADIUS scheme radius1 and enter its view.
[Sysname] radius scheme radius1
# Configure the IP addresses of the primary authentication and accounting RADIUS
servers.
[Sysname-radius-radius1] primary authentication 10.1.1.1
[Sysname-radius-radius1] primary accounting 10.1.1.2
# Configure the IP addresses of the secondary authentication and accounting RADIUS
servers.
[Sysname-radius-radius1] secondary authentication 10.1.1.2
[Sysname-radius-radius1] secondary accounting 10.1.1.1
# Specify the shared key for the device to exchange packets with the authentication
server.
[Sysname-radius-radius1] key authentication name
# Specify the shared key for the device to exchange packets with the accounting server.
[Sysname-radius-radius1] key accounting money
# Set the interval for the device to retransmit packets to the RADIUS server and the
maximum number of transmission attempts.
[Sysname-radius-radius1] timer response-timeout 5
[Sysname-radius-radius1] retry 5
# Set the interval for the device to send real time accounting packets to the RADIUS
server.
[Sysname-radius-radius1] timer realtime-accounting 15
# Specify the device to remove the domain name of any username before passing the
username to the RADIUS server.
[Sysname-radius-radius1] user-name-format without-domain
[Sysname-radius-radius1] quit
# Create domain aabbcc.net and enter its view.
[Sysname] domain aabbcc.net
# Set radius1 as the RADIUS scheme for users of the domain and specify to use local
authentication as the secondary scheme.
[Sysname-isp-aabbcc.net] authentication default radius-scheme radius1 local