H3C交换机 802.1X+AD+CA+IAS进行802.1x身份验证
2009-03-17 10:14
459 查看
网络拓扑:
<layer_2_3>dis cu
#
sysname layer_2_3
#
domain default enable autonavi.com //使能自己建立的域
#
loopback-detection enable
#
gvrp
#
dot1x //全局启用802.1x
dot1x authentication-method eap //使用EAP验证方式
#
radius scheme system
radius scheme test //建立test
server-type standard
primary authentication 192.168.0.2 //指定主验证服务器,还可以指定辅验证服务器 accounting optional //计费可选项,注意,当没有计费服务器,必须加上这条命令,否则无法验证通过
key authentication test //验证密码:test
#
domain test.com //建立域test.com
scheme radius-scheme test //使用上面建立的radius schem:test
vlan-assignment-mode string //指定VLAN匹配模式为字符型(string),也可以指定匹配模式为整形(integer),这个与radius server属性里面的设置是相关联的。
domain system
#
stp enable
#
#
vlan 1
#
vlan 3name test
#
vlan 21name guest-vlan
#
interface Vlan-interface1
ip address 192.168.0.1 255.255.255.0
#
interface Vlan-interface7
#
interface Aux1/0/0
#
interface Ethernet1/0/1
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/2
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/3
broadcast-suppression 40 //广播抑制,无关紧要。
dot1x port-method portbased
dot1x guest-vlan 21 //验证不通过时,将获得vlan21的内容。
dot1x
#
interface Ethernet1/0/4
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/5
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/6
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/7
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/8
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/9
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/10
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/11
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/12
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/13
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/14
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/15
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/16
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/17
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/18
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/19
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/20
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/21
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/22
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/23
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/24
broadcast-suppression 40
port access vlan 3
#
interface GigabitEthernet1/1/1
port link-type trunk
port trunk permit vlan all
broadcast-suppression 40
gvrp
#
interface GigabitEthernet1/1/2
port link-type trunk
port trunk permit vlan all
broadcast-suppression 40
#
interface GigabitEthernet1/1/3
port link-type trunk
port trunk permit vlan all
broadcast-suppression 40
gvrp
#
interface GigabitEthernet1/1/4
broadcast-suppression 40
port access vlan 3
#
undo irf-fabric authentication-mode
#
interface NULL0
#
voice vlan mac-address 0001-e300-0000 mask ffff-ff00-0000
#
#
#
user-interface aux 0 7
user-interface vty 1 4
#
return
本文出自 “define_myself” 博客,转载请与作者联系!
<layer_2_3>dis cu
#
sysname layer_2_3
#
domain default enable autonavi.com //使能自己建立的域
#
loopback-detection enable
#
gvrp
#
dot1x //全局启用802.1x
dot1x authentication-method eap //使用EAP验证方式
#
radius scheme system
radius scheme test //建立test
server-type standard
primary authentication 192.168.0.2 //指定主验证服务器,还可以指定辅验证服务器 accounting optional //计费可选项,注意,当没有计费服务器,必须加上这条命令,否则无法验证通过
key authentication test //验证密码:test
#
domain test.com //建立域test.com
scheme radius-scheme test //使用上面建立的radius schem:test
vlan-assignment-mode string //指定VLAN匹配模式为字符型(string),也可以指定匹配模式为整形(integer),这个与radius server属性里面的设置是相关联的。
domain system
#
stp enable
#
#
vlan 1
#
vlan 3name test
#
vlan 21name guest-vlan
#
interface Vlan-interface1
ip address 192.168.0.1 255.255.255.0
#
interface Vlan-interface7
#
interface Aux1/0/0
#
interface Ethernet1/0/1
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/2
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/3
broadcast-suppression 40 //广播抑制,无关紧要。
dot1x port-method portbased
dot1x guest-vlan 21 //验证不通过时,将获得vlan21的内容。
dot1x
#
interface Ethernet1/0/4
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/5
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/6
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/7
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/8
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/9
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/10
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/11
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/12
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/13
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/14
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/15
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/16
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/17
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/18
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/19
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/20
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/21
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/22
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/23
broadcast-suppression 40
port access vlan 3
#
interface Ethernet1/0/24
broadcast-suppression 40
port access vlan 3
#
interface GigabitEthernet1/1/1
port link-type trunk
port trunk permit vlan all
broadcast-suppression 40
gvrp
#
interface GigabitEthernet1/1/2
port link-type trunk
port trunk permit vlan all
broadcast-suppression 40
#
interface GigabitEthernet1/1/3
port link-type trunk
port trunk permit vlan all
broadcast-suppression 40
gvrp
#
interface GigabitEthernet1/1/4
broadcast-suppression 40
port access vlan 3
#
undo irf-fabric authentication-mode
#
interface NULL0
#
voice vlan mac-address 0001-e300-0000 mask ffff-ff00-0000
#
#
#
user-interface aux 0 7
user-interface vty 1 4
#
return
本文出自 “define_myself” 博客,转载请与作者联系!
相关文章推荐
- H3C交换机 802.1X+AD+CA+IAS进行802.1x身份验证
- H3C交换机 802.1X+AD+CA+IAS进行802.1x身份验证
- H3C交换机 802.1X+AD+CA+IAS进行802.1x身份验证
- H3C交换机 802.1X+AD+CA+IAS进行802.1x身份验证
- Cisco 2950G 802.1X+AD+CA+IAS进行802.1x身份验证
- H3C交换机 802.1X+AD+CA+IAS进行RADIUS身份验证
- Cisco 2950G 802.1X+AD+CA+IAS进行802.1x身份验证
- Cisco 2950G 802.1X+AD+CA+IAS进行802.1x身份验证
- Cisco 2950G 802.1X+AD+CA+IAS进行802.1x身份验证
- Cisco 2950G 802.1X+AD+CA+IAS进行802.1x身份验证
- Cisco 2950G 802.1X+AD+CA+IAS进行802.1x身份验证
- Cisco 2950G 802.1X+AD+CA+IAS进行802.1x身份验证
- 组建使用“智能卡”进行身份验证的***服务器
- 在ASP.NET Atlas中结合Membership进行身份验证
- 通过使用客户端证书调用 Web 服务以便在 ASP.NET Web 应用程序中进行身份验证
- Django使用email进行身份验证
- IIS 访问需要用户名和密码 (需要进行身份验证)
- 利用asp.net进行视频文件的身份验证
- 在Windows和UNIX下利用PHP和LDAP进行身份验证
- 在IIS中使用Windows域服务器域摘要式身份验证对Web应用程序进行访问