自拍偷在线精品自拍偷,亚洲欧美中文日韩v在线观看不卡

配置802.1x遠端認證

作者:小微
網(wǎng)絡 通信技術
為了保證網(wǎng)絡的安全性,要求在用戶接入網(wǎng)絡時進行802.1x認證。認證服務器為兩臺Radius服務器,IP為10.10.10.1/24服務器作為主認證服務器,IP為10.10.10.2/24的服務器為備用認證服務器。

拓撲圖

規(guī)格

適用于所有版本、所有形態(tài)的AR路由器。

組網(wǎng)需求

PC通過Router訪問網(wǎng)絡。為了保證網(wǎng)絡的安全性,要求在用戶接入網(wǎng)絡時進行802.1x認證。認證服務器為兩臺Radius服務器,IP為10.10.10.1/24服務器作為主認證服務器,IP為10.10.10.2/24的服務器為備用認證服務器。當主用服務器不可用時,Router可以實現(xiàn)最快3s內切換到備用服務器。

操作步驟

1. Router上的配置

  1. V200R007及之前版本: 
  2. #                                                                                
  3. vlan batch 10                                                                    
  4. #                                                                                
  5. dot1x enable                                                                   
  6. #                                                                                
  7. radius-server template shiva  //配置RADIUS服務器模板shiva                                                     
  8.  radius-server shared-key cipher %^%#Q75cNQ6IF(e#L4WMxP~%^7'u17,]D87GO{"[o]`D%^%#                        
  9.  radius-server authentication 10.10.10.1 1812 //配置RADIUS主用認證服務器                                  
  10.  radius-server authentication 10.10.10.2 1812 secondary //配置RADIUS備用認證服務器                         
  11. #                                                                                
  12. aaa                                                                              
  13.  authentication-scheme scheme0 //創(chuàng)建名為scheme0的認證方案                                                       
  14.   authentication-mode radius                                                                              
  15.  domain huawei //配置名為huawei的域                                                                      
  16.   authentication-scheme scheme0                                                      
  17.   radius-server shiva                                                             
  18. #                                                                                
  19. interface Vlanif10                                                               
  20.  ip address 192.168.1.2 255.255.255.0                                            
  21. #                                                                                
  22. interface Ethernet2/0/0                                                          
  23.  port link-type access                                                           
  24.  port default vlan 10                                                            
  25.  dot1x enable                                                                
  27. V200R008及之后版本: 
  28. #                                                                                
  29. vlan batch 10                                                                    
  30. #                                                                                
  31. authentication-profile name p1 
  32.  dot1x-access-profile d1    //在認證模板p1上綁定802.1x接入模板d1 
  33. #                                                                                
  34. radius-server template shiva  //配置RADIUS服務器模板shiva                                                     
  35.  radius-server shared-key cipher %^%#Q75cNQ6IF(e#L4WMxP~%^7'u17,]D87GO{"[o]`D%^%#                        
  36.  radius-server authentication 10.10.10.1 1812 //配置RADIUS主用認證服務器                                  
  37.  radius-server authentication 10.10.10.2 1812 secondary //配置RADIUS備用認證服務器                         
  38. #                                                                                
  39. aaa                                                                              
  40.  authentication-scheme scheme0 //創(chuàng)建名為scheme0的認證方案                                                       
  41.   authentication-mode radius                                                                              
  42.  domain huawei //配置名為huawei的域                                                                      
  43.   authentication-scheme scheme0                                                      
  44.   radius-server shiva                                                             
  45. #                                                                                
  46. interface Vlanif10                                                               
  47.  ip address 192.168.1.2 255.255.255.0                                            
  48. #                                                                                
  49. interface Ethernet2/0/0                                                          
  50.  port link-type access                                                           
  51.  port default vlan 10                                                            
  52.  authentication-profile p1  //接口下綁定認證模板p1 
  54. dot1x-access-profile name d1 

2. 驗證配置結果

RADIUS服務器添加用戶user1@huawei,密碼Huawei@2012,共享密鑰與路由器保持一致配置為radius??蛻舳苏J證成功后,執(zhí)行display access-user可以查看Username字段里有用戶名為user1@huawei,并且相應Status字段顯示為Success。

配置注意事項

  • 路由器與RADIUS服務器上認證端口的值需要保持一致。
  • 路由器和RADIUS服務器上共享密鑰需要保持一致。
  • 路由器與RADIUS服務器間需要路由可達

 

 

責任編輯:趙寧寧 來源: 廈門微思網(wǎng)絡
802.1x遠端認證網(wǎng)絡
相關推薦

2013-10-09 10:44:14

交換機配置802.1X認證

2010-06-13 10:18:11

IEEE 802.1x

2010-08-04 13:13:48

路由器配置

2009-11-17 12:33:55

2012-12-25 10:27:55

2010-10-19 09:44:34

802.1X驗證最佳實踐

2010-01-06 14:40:01

2010-06-13 12:53:41

2010-06-25 14:34:11

IEEE 802.1x

2010-09-26 08:46:08

802.1x

2010-06-13 12:56:40

IEEE 802.1x

2015-09-02 11:52:03

802.1xEAPPEAP

2012-06-15 10:14:22

2011-10-24 14:22:05

2023-03-08 17:54:29

802.1x協(xié)議無線網(wǎng)絡

2009-12-24 15:26:14

2010-01-05 14:24:58

2012-05-08 19:15:42

2012-05-21 16:18:09

2010-01-26 14:28:10

點贊
收藏

51CTO技術棧公眾號