When an S series switch (except the S1700 switch) connects to an H3C iMC RADIUS server to perform authentication, authorization, or accounting for 802.1x users, configure security check policies (for example, check whether the 802.1x client has two network cards and whether the 802.1x client version is correct) on the RADIUS server to improve security. Perform the following operations:
1. Configure RADIUS accounting.
2. Run the dot1x authentication-method eap command to configure EAP relay authentication for 802.1x users.
3. Run the dot1x eap-notify-packet eap-code 10 data-type 25 command to configure the switch to return the EAP packets with type value of 10 and data type of 25 to the RADIUS server.
4. Run the radius-attribute translate HW-Up-Priority HW-User-Information receive command to convert the HW-Up-Priority attribute in the received RADIUS packets into HW-User-Information.
5. If the RADIUS server needs to dynamically authorize AAA users, the attributes delivered by the security check policy may be different from the attributes delivered by dynamic authorization. Run the authorization-modify mode modify command to set the update mode for user authorization information delivered by the RADIUS server to Modify. After the command is executed, the attributes delivered by dynamic authorization will not overwrite the attributes delivered by security check policy.
Buy the way, you can check the way of Huawei S series switches.
Learn More:
Does the S1700 support IPSG and SNMP?
What should be noticed when Huawei S series switches connect to H3C iMC RADIUS servers?