Filter
Top Products
DES-7200 Configuration Guide Chapter 4 802.1x Configuration
4-54
4.5 Typical 802.1X
Configuration Examples
4.5.1 802.1X-based AAA
Services
4.5.1.1 Network Topology
Figure 12 Network topology for the 802.1X-based AAA service
4.5.1.2 Networking Requirements
To ensure the validity of network access, the following requirements must be met:
1. It is required that access users on each port must be subject to 1X authentication in order
to control Internet access (unauthenticated users won't be able to access network);
2. Only our client software (supplicant) can be used as the client for 802.1x authentication;
3. Accounting shall be based on online time, and accounting update packets will be
periodically sent to Radius Server (real-time accounting packets will be sent to RADIUS
server every 15 minutes);
4. After sending the authentication request to RADIUS server, the device will resend the
request if no reply is received within 5 seconds, and will try for totally 6 times;
5. Online monitoring of users to prevent authenticated user from being preempted by other
users and to detect whether the user is disconnected;
6. To protect server from hostile attacks, the access user can only initialize re-authentication
after 500 seconds if it fails in authentication. Meanwhile, after trying for over 5 times, this
user will be considered as disconnected and the authentication process will end.
4.5.1.3 Configuration Tips
Turn on AAA switch and configure the communication between device and RADIUS
SERVER; configure 802.1X authentication and configure the device port for client access