《单片机原理与应用 802.1x接入配置指南》由会员分享,可在线阅读,更多相关《单片机原理与应用 802.1x接入配置指南(12页珍藏版)》请在金锄头文库上搜索。
1、8021x 接入配置指南接入配置指南一、一、Cisco 交换机的交换机的 802.1x 接入配置接入配置采用 CISCO 3560G 作为 802.1x 接入设备,以 EAP-MD5 认证业务为例,IEEE 802.1x 认证配置。 组网:Cisco 3560G终端配置: Step 1 Enter Global configuration mode(进入全局模式) Switchenable Password: cisco Switch#configure terminal Enter configuration commands, one per line. End with CNTL/Z.
2、Switch(config)#Step 2 Enable AAA(启用 AAA) Switch(config)#aaa new-modelStep 3 Create IEEE 802.1x Authenticatin Method List(创建 802.1x 认证方法列表) Switch(config)#aaa authentication dot1x default group radiusStep 4 Enable IEEE 802.1x authentication globally in the Switch (启用全局 802.1x 认证) Switch(config)#dot1x
3、 system-auth-controlStep 5 (Optional) Configure the switch to use user-RADIUS authorization for all network- related service requests, such as per-user ACLs or VLAN assignment(创建授权网络列表) Switch(config)#aaa authorization network default group radiusStep 6 (Optional) Specify the IP address of the RADIU
4、S server(配置 radius 服务器信息包 括配置配置 radius 认证与计费共享密钥 secospace) Switch(config)#radius-server host 172.18.100.236 auth-port 1812 acct-port 1813 key secospace Step 7 Enter interface configuration mode(进入接口配置模式,启用 802.1x 接入功能) Switch(config)#interface gigabitEthernet 0/1 /* Set the port to access mode only
5、 if you configured the RADIUS server in Step 6 and Step 7 */ Switch(config-if)#switchport mode access /* Enable IEEE 802.1x authentication on the port */ Switch(config-if)#dot1x port-control autoStep 8 Return to privileged EXEC mode (返回特权模式) Switch(config-if)#endStep 9 Verify your entries(验证 802.1x
6、配置) Switch#show dot1xStep 10 (Optional) Save your entries in the configuration file (保存配置文件) Switch#copy running-config startup-config To display IEEE 802.1x statistics for all ports (查看所有端口状态) Swtch#show dot1x all details | statistics | summaryTo display IEEE 802.1x statistics for a specific port(查
7、看指定端口状态) Swtch#show dot1x interface statistics | details上行接口与 Access 口对接 ! interface GigabitEthernet0/23 switchport access vlan 10 switchport mode accessspanning-tree portfast ! 上行接口与 Trunk 口对接 ! interface GigabitEthernet0/24 switchport trunk encapsulation dot1q switchport mode trunk ! 终端接入端口配置 !int
8、erface GigabitEthernet0/1switchport access vlan 110switchport mode accessdot1x pae authenticatordot1x port-control autodot1x guest-vlan 200spanning-tree portfast ! vlan 接口配置 !Vlan 10 Name SecTSM ! Vlan 110 Name LocalArea ! Vlan 120 Name Island ! Vlan 130 Name WorkArea ! Vlan 200 Name CasualWard ! in
9、terface Vlan10 ip address 172.18.10.73 255.255.255.0 !二、华为交换机的二、华为交换机的 802.1x 接入配置接入配置采用 Quidway S3900 作为 802.1x 接入设备,以 EAP-MD5 认证业务为例,IEEE 802.1x 认证配置。 组网:Quidway S3900终端配置: Step 1 进入系统视图,system-view System View: return to User View with Ctrl+Z. Quidway Step 2 启动 802.1x 接入功能 Quidwaydot1x802.1X is a
10、lready enabled globally. Quidwaydot1x authentication-method ? chap CHAP(Challenge Handshake Authentication Protocol) authentication method.Its default. eap EAP(Extensible Authentication Protocol) authentication method(support eap-tls, eap-md5, peap, eap-ttls) pap PAP(Password Authentication Protocol
11、) authentication method Quidwaydot1x authentication-method eap EAP authentication enabled already. Quidway Step 3 上行接口配置 上行与 Trunk 对接 # interface GigabitEthernet1/1/3 port link-type trunkport trunk permit vlan alldescription Uplink-to-Intranet # 上行与 Access 接口对接 # interface Ethernet1/0/24 port access
12、 vlan 10 description Uplink-to-Intranet # Step 4 终端接入端口配置 基于端口 # interface Ethernet1/0/1 port access vlan 110 dot1x port-control autodot1x port-method portbased dot1x guest-vlan 200dot1x # 基于 MAC # interface Ethernet1/0/3 port access vlan 110 dot1x port-control auto dot1x port-method macbased dot1x
13、# Step 5 vlan 接口配置 # vlan 10name SecTSM # vlan 110name LocalArea # vlan 120 name Island # vlan 130 name WorkArea # interface Vlan-interface10 ip address 172.18.10.74 255.255.255.0 # Step 6 RADIUS 方案配置 计费可用 # radius scheme system primary authentication 172.18.10.240 1812 accounting optional key authe
14、ntication secospace # domain system scheme radius-scheme system authentication radius-scheme system authorization none accounting none # 计费必选 # radius scheme system server-type standard primary authentication 172.18.10.240 1812primary accounting 172.18.10.2240 1813 key authentication secospace key a
15、ccounting numenuser-name-format without-domain # domain system scheme radius-scheme system authentication radius-scheme system accounting radius-scheme system authorization none #三、三、H3C 交换机的交换机的 802.1x 接入配置接入配置采用 Quidway S3600 作为 802.1x 接入设备,以 EAP-MD5 认证业务为例,IEEE 802.1x 认证配置。组网:H3C S3600终端配置: Step
16、1 进入系统视图,system-view System View: return to User View with Ctrl+Z. Quidway Step 2 启动 802.1x 接入功能 Quidwaydot1x802.1X is already enabled globally. Quidwaydot1x authentication-method ? chap CHAP(Challenge Handshake Authentication Protocol) authentication method.Its default. eap EAP(Extensible Authentication Protocol) authentication method(support eap-
