1-20
Figure 1-12 Network diagram for AAA configuration with 802.1x and RADIUS enabled
Configuration procedure
Following configuration covers the major AAA/RADIUS configuration commands. Refer to AAA
Operation Manual for the information about these commands. Configuration on the client and the
RADIUS servers is omitted.
# Enable 802.1x globally.
<device> system-view
System View: return to User View with Ctrl+Z.
[device] dot1x
# Enable 802.1x on GigabitEthernet 1/0/1 port.
[device] dot1x interface GigabitEthernet 1/0/1
# Set the access control method to be MAC-address-based (This operation can be omitted, as
MAC-address-based is the default).
[device] dot1x port-method macbased interface GigabitEthernet 1/0/1
# Create a RADIUS scheme named “radius1” and enter RADIUS scheme view.
[device] radius scheme radius1
# Assign IP addresses to the primary authentication and accounting RADIUS servers.
[device-radius-radius1] primary authentication 10.11.1.1
[device-radius-radius1] primary accounting 10.11.1.2
# Assign IP addresses to the secondary authentication and accounting RADIUS server.
[device-radius-radius1] secondary authentication 10.11.1.2
[device-radius-radius1] secondary accounting 10.11.1.1
# Set the password for the switch and the authentication RADIUS servers to exchange messages.
[device-radius-radius1] key authentication name
# Set the password for the switch and the accounting RADIUS servers to exchange messages.
