H3C交换机 802.1X+AD+CA+IAS进行802.1x身份验证
2010-06-13 11:14
309 查看
网络拓扑: <layer_2_3>dis cu # sysname layer_2_3 # domain default enable autonavi.com //使能自己建立的域 # loopback-detection enable # gvrp # dot1x //全局启用802.1x dot1x authentication-method eap //使用EAP验证方式 # radius scheme system radius scheme test //建立test server-type standard primary authentication 192.168.0.2 //指定主验证服务器,还可以指定辅验证服务器 accounting optional //计费可选项,注意,当没有计费服务器,必须加上这条命令,否则无法验证通过 key authentication test //验证密码:test # domain test.com //建立域test.com scheme radius-scheme test //使用上面建立的radius schem:test vlan-assignment-mode string //指定VLAN匹配模式为字符型(string),也可以指定匹配模式为整形(integer),这个与radius server属性里面的设置是相关联的。 domain system # stp enable # # vlan 1 # vlan 3 name test # vlan 21 name guest-vlan # interface Vlan-interface1 ip address 192.168.0.1 255.255.255.0 # interface Vlan-interface7 # interface Aux1/0/0 # interface Ethernet1/0/1 broadcast-suppression 40 port access vlan 3 # interface Ethernet1/0/2 broadcast-suppression 40 port access vlan 3 # interface Ethernet1/0/3 broadcast-suppression 40 //广播抑制,无关紧要。 dot1x port-method portbased dot1x guest-vlan 21 //验证不通过时,将获得vlan21的内容。 dot1x # interface Ethernet1/0/4 broadcast-suppression 40 port access vlan 3 # interface Ethernet1/0/5 broadcast-suppression 40 port access vlan 3 # interface Ethernet1/0/6 broadcast-suppression 40 port access vlan 3 # interface Ethernet1/0/7 broadcast-suppression 40 port access vlan 3 # interface Ethernet1/0/8 broadcast-suppression 40 port access vlan 3 # interface Ethernet1/0/9 broadcast-suppression 40 port access vlan 3 # interface Ethernet1/0/10 broadcast-suppression 40 port access vlan 3 # interface Ethernet1/0/11 broadcast-suppression 40 port access vlan 3 # interface Ethernet1/0/12 broadcast-suppression 40 port access vlan 3 # interface Ethernet1/0/13 broadcast-suppression 40 port access vlan 3 # interface Ethernet1/0/14 broadcast-suppression 40 port access vlan 3 # interface Ethernet1/0/15 broadcast-suppression 40 port access vlan 3 # interface Ethernet1/0/16 broadcast-suppression 40 port access vlan 3 # interface Ethernet1/0/17 broadcast-suppression 40 port access vlan 3 # interface Ethernet1/0/18 broadcast-suppression 40 port access vlan 3 # interface Ethernet1/0/19 broadcast-suppression 40 port access vlan 3 # interface Ethernet1/0/20 broadcast-suppression 40 port access vlan 3 # interface Ethernet1/0/21 broadcast-suppression 40 port access vlan 3 # interface Ethernet1/0/22 broadcast-suppression 40 port access vlan 3 # interface Ethernet1/0/23 broadcast-suppression 40 port access vlan 3 # interface Ethernet1/0/24 broadcast-suppression 40 port access vlan 3 # interface GigabitEthernet1/1/1 port link-type trunk port trunk permit vlan all broadcast-suppression 40 gvrp # interface GigabitEthernet1/1/2 port link-type trunk port trunk permit vlan all broadcast-suppression 40 # interface GigabitEthernet1/1/3 port link-type trunk port trunk permit vlan all broadcast-suppression 40 gvrp # interface GigabitEthernet1/1/4 broadcast-suppression 40 port access vlan 3 # undo irf-fabric authentication-mode # interface NULL0 # voice vlan mac-address 0001-e300-0000 mask ffff-ff00-0000 # # # user-interface aux 0 7 user-interface vty 1 4 # return |
相关文章推荐
- H3C交换机 802.1X+AD+CA+IAS进行802.1x身份验证
- H3C交换机 802.1X+AD+CA+IAS进行802.1x身份验证
- H3C交换机 802.1X+AD+CA+IAS进行802.1x身份验证
- H3C交换机 802.1X+AD+CA+IAS进行802.1x身份验证
- Cisco 2950G 802.1X+AD+CA+IAS进行802.1x身份验证
- H3C交换机 802.1X+AD+CA+IAS进行RADIUS身份验证
- Cisco 2950G 802.1X+AD+CA+IAS进行802.1x身份验证
- Cisco 2950G 802.1X+AD+CA+IAS进行802.1x身份验证
- Cisco 2950G 802.1X+AD+CA+IAS进行802.1x身份验证
- Cisco 2950G 802.1X+AD+CA+IAS进行802.1x身份验证
- Cisco 2950G 802.1X+AD+CA+IAS进行802.1x身份验证
- Cisco 2950G 802.1X+AD+CA+IAS进行802.1x身份验证
- 在ASP.NET Atlas中结合Membership进行身份验证
- Django使用email进行身份验证
- IIS 访问需要用户名和密码 (需要进行身份验证)
- 在Windows和UNIX下利用PHP和LDAP进行身份验证
- 利用asp.net进行视频文件的身份验证
- 在IIS中使用Windows域服务器域摘要式身份验证对Web应用程序进行访问
- BO 与 Windows AD 进行身份验证整合,注意事项!
- 通过使用客户端证书调用 Web 服务进行身份验证{转}