The difference between COMWARE V3 and COMWARE V5 on implementation of 802.1x in the H3C switches
I Network topology
II Description of the problem
When making the switch based on V5 software platform the authenticator on implementing 802.1x, such as S3610/5510, the supplicant could not get online. If using the debugging commands for troubleshooting, you could find the switch would not send accounting packets to the RADIUS Server leading to the authentication failure. The relating configuration is as follows.
#
radius scheme test
server-type extended
primary authentication 192.168.0.18
primary accounting 192.168.0.18
key authentication cams
key accounting cams
user-name-format without-domain
#
domain test
authentication default radius-scheme test
accounting default radius-scheme test
III Process analysis:
In these switches based on Comware V5 software platform, it is not necessary to set accounting scheme, but authentication and authorization schemes have to be configured and their scheme names must be the same. So the switch would find it different between them if you would not set an authorization scheme and then the authentication could not pass, and the accounting packets would not be send, which should be send after authentication succeeds.
IV Solution
According to above analysis, the configuration should be change to the following.
domain test
authentication default radius-scheme test
authorization default radius-scheme test
accounting default radius-scheme test
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作