[x]

802.1X authentication configuration examples > 802.1X SmartOn configuration example

 

 Next

802.1X SmartOn configuration example

Network requirements

As shown in Figure 47, configure the SmartOn feature on GigabitEthernet 1/0/1 so that the host must pass SmartOn authentication before 802.1X authentication.

Set the SmartOn password to 1234 in plain text and switch ID to XYZ. Set the SmartOn client timeout timer to 40 seconds.

Figure 40: Network diagram

Configuration procedure

  1. Configure a RADIUS scheme:

    # Create RADIUS scheme 2000 and enter RADIUS scheme view.

    <Device> system-view
[Device] radius scheme 2000

    # Specify the server at 10.11.1.1 as the primary authentication server, and set the authentication port to 1812.

    [Device-radius-2000] primary authentication 10.11.1.1 1812

    # Specify the server at 10.11.1.2 as the primary accounting server, and set the accounting port to 1813.

    [Device-radius-2000] primary accounting 10.11.1.2 1813

    # Set the shared key to abc in plain text for secure communication between the authentication server and the device.

    [Device-radius-2000] key authentication simple abc

    # Set the shared key to abc in plain text for secure communication between the accounting server and the device.

    [Device-radius-2000] key accounting simple abc

    # Exclude the ISP domain names from the usernames sent to the RADIUS server.

    [Device-radius-2000] user-name-format without-domain
[Device-radius-2000] quit

  2. Configure an ISP domain:

    # Create an ISP domain named bbb and enter ISP domain view.

    [Device] domain bbb

    # Apply RADIUS scheme 2000 to the ISP domain for authentication, authorization, and accounting.

    [Device-isp-bbb] authentication lan-access radius-scheme 2000
[Device-isp-bbb] authorization lan-access radius-scheme 2000
[Device-isp-bbb] accounting lan-access radius-scheme 2000
[Device-isp-bbb] quit

  3. Configure 802.1X and SmartOn:

    # Enable 802.1X on GigabitEthernet 1/0/1.

    [Device] interface gigabitethernet 1/0/1
[Device-GigabitEthernet1/0/1] dot1x

    # Enable SmartOn on GigabitEthernet 1/0/1.

    [Device-GigabitEthernet1/0/1] dot1x smarton
[Device-GigabitEthernet1/0/1] quit

    # Set the SmartOn password to 1234 in plain text and the switch ID to XYZ.

    [Device] dot1x smarton password simple 1234
[Device] dot1x smarton switchid XYZ

    # Set the SmartOn client timeout timer to 40 seconds.

    [Device] smarton timer supp-timeout 40

    # Enable 802.1X globally.

    [Device] dot1x

prev

 

up

 next

802.1X with EAD assistant configuration example (with DHCP server) 

home

 Troubleshooting 802.1X

© Copyright 2017 Hewlett Packard Enterprise Development LP