Self-Study Aruba 5.3.4 - Aruba Security Authentication - 802.1X Authentication Configuration in an Environment with a PEFNG License
2018-01-17 13:48
1. 802.1X authentication using the internal database (InterDB) authentication server
```
(Aruba650) #configure terminal
(Aruba650) (config) #aaa server-group dot1x-server
(Aruba650) (Server Group "dot1x-server") #auth-server Internal
(Aruba650) (Server Group "dot1x-server") #set role condition role value-of
(Aruba650) (Server Group "dot1x-server") #exit

(Aruba650) (config) #aaa authentication dot1x dot1x-auth
(Aruba650) (802.1X Authentication Profile "dot1x-auth") #termination enable
(Aruba650) (802.1X Authentication Profile "dot1x-auth") #termination eap-type eap-peap
(Aruba650) (802.1X Authentication Profile "dot1x-auth") #termination inner-eap-type eap-mschapv2
(Aruba650) (802.1X Authentication Profile "dot1x-auth") #exit

(Aruba650) (config) #aaa profile dot1x-profile
(Aruba650) (AAA Profile "dot1x-profile") #dot1x-default-role authenticated ## Defines the default role after dot1x authentication; if no server-derived role is produced, the user gets this role
(Aruba650) (AAA Profile "dot1x-profile") #dot1x-server-group dot1x-server
(Aruba650) (AAA Profile "dot1x-profile") #authentication-dot1x dot1x-auth
(Aruba650) (AAA Profile "dot1x-profile") #exit

(Aruba650) (config) #wlan ssid-profile dot1x-ssid
(Aruba650) (SSID Profile "dot1x-ssid") #essid 802.1x
(Aruba650) (SSID Profile "dot1x-ssid") #opmode wpa-tkip
(Aruba650) (SSID Profile "dot1x-ssid") #opmode wpa2-aes
(Aruba650) (SSID Profile "dot1x-ssid") #exit

(Aruba650) (config) #wlan virtual-ap dot1x-vap
(Aruba650) (Virtual AP profile "dot1x") #aaa-profile dot1x-profile
(Aruba650) (Virtual AP profile "dot1x") #ssid-profile dot1x-ssid
(Aruba650) (Virtual AP profile "dot1x") #vlan 1
(Aruba650) (Virtual AP profile "dot1x") #exit

(Aruba650) (config) #ap-group 802xyk
(Aruba650) (AP group "802xyk") #virtual-ap dot1x-vap
(Aruba650) (AP group "802xyk") #exit
```
```
(Aruba650) #local-userdb add username test1 password 123456 role web-1
(Aruba650) #local-userdb add username test2 password 123456 role web-2
```
2. 802.1X authentication using an LDAP authentication server
```
(Aruba650) #configure terminal
(Aruba650) (config) #aaa authentication-server ldap ad
(Aruba650) (LDAP Server "ad") #host 172.18.50.30
(Aruba650) (LDAP Server "ad") #admin-dn cn=rui,cn=Users,dc=ruitest,dc=com
(Aruba650) (LDAP Server "ad") #admin-passwd 123456
(Aruba650) (LDAP Server "ad") #allow-cleartext
(Aruba650) (LDAP Server "ad") #base-dn cn=Users,dc=ruitest,dc=com
(Aruba650) (LDAP Server "ad") #preferred-conn-type clear-text
(Aruba650) (LDAP Server "ad") #exit
```
```
(Aruba650) #aaa test-server pap ad carlos 123456
Authentication Successful
```
```
(Aruba650) # aaa query-user ad carlos
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: carlos
sn: carlos
distinguishedName: CN=carlos,CN=Users,DC=ruitest,DC=com
instanceType: 4
whenCreated: 20180117110333.0Z
whenChanged: 20180117110404.0Z
displayName: carlos
uSNCreated: 368694
memberOf: CN=tech1,CN=Users,DC=ruitest,DC=com
uSNChanged: 368706
name: carlos
objectGUID: n\240\203\277T\345\002K\235\202y\351\372\240<\376
userAccountControl: 66048
badPwdCount: 0
```
```
(Aruba650) (config) #aaa server-group dot1x-server
(Aruba650) (Server Group "dot1x-server") #no auth-server ias
(Aruba650) (Server Group "dot1x-server") #auth-server ad
(Aruba650) (Server Group "dot1x-server") #set role condition memberOf equals CN=tech1,CN=Users,DC=ruitest,DC=com set-value web-1 ## The returned group name is tech1, which matches role web-1
(Aruba650) (Server Group "dot1x-server") #set role condition memberOf equals CN=tech2,CN=Users,DC=ruitest,DC=com set-value web-2
(Aruba650) (Server Group "dot1x-server") #exit

(Aruba650) (config) #aaa authentication dot1x dot1x-auth
(Aruba650) (802.1X Authentication Profile "dot1x-auth") #dot1x-default-role role-1 ## Defines the default role after dot1x authentication; if no server-derived role is produced, the user gets this role
(Aruba650) (802.1X Authentication Profile "dot1x-auth") #termination enable
(Aruba650) (802.1X Authentication Profile "dot1x-auth") #termination eap-type eap-peap
(Aruba650) (802.1X Authentication Profile "dot1x-auth") #termination eap-type eap-tls
(Aruba650) (802.1X Authentication Profile "dot1x-auth") #no termination inner-eap-type eap-mschapv2
(Aruba650) (802.1X Authentication Profile "dot1x-auth") #termination inner-eap-type eap-gtc

(Aruba650) (config) #aaa profile dot1x-profile
(Aruba650) (AAA Profile "dot1x-profile") #dot1x-default-role authenticated ## Defines the default role after dot1x authentication; if no server-derived role is produced, the user gets this role
(Aruba650) (AAA Profile "dot1x-profile") #dot1x-server-group dot1x-server
(Aruba650) (AAA Profile "dot1x-profile") #authentication-dot1x dot1x-auth
(Aruba650) (AAA Profile "dot1x-profile") #exit

(Aruba650) (config) #wlan ssid-profile dot1x-ssid
(Aruba650) (SSID Profile "dot1x-ssid") #essid 802.1x
(Aruba650) (SSID Profile "dot1x-ssid") #opmode wpa-tkip
(Aruba650) (SSID Profile "dot1x-ssid") #opmode wpa2-aes
(Aruba650) (SSID Profile "dot1x-ssid") #exit

(Aruba650) (config) #wlan virtual-ap dot1x-vap
(Aruba650) (Virtual AP profile "dot1x") #aaa-profile dot1x-profile
(Aruba650) (Virtual AP profile "dot1x") #ssid-profile dot1x-ssid
(Aruba650) (Virtual AP profile "dot1x") #vlan 1
(Aruba650) (Virtual AP profile "dot1x") #exit

(Aruba650) (config) #ap-group 802xyk
(Aruba650) (AP group "802xyk") #virtual-ap dot1x-vap
(Aruba650) (AP group "802xyk") #exit
```
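The LDAP server and SSID profile above use cleartext LDAP transport and list a WPA-TKIP opmode. The following added example (not part of the original post) scans a pasted CLI session for those lines; the function name `audit` and the sample text are constructed for illustration.

```python
import re

# Constructed sample: LDAP and SSID lines copied from this page's sessions.
SAMPLE_SESSION = '''
(Aruba650) (config) #aaa authentication-server ldap ad
(Aruba650) (LDAP Server "ad") #host 172.18.50.30
(Aruba650) (LDAP Server "ad") #allow-cleartext
(Aruba650) (LDAP Server "ad") #preferred-conn-type clear-text
(Aruba650) (config) #wlan ssid-profile dot1x-ssid
(Aruba650) (SSID Profile "dot1x-ssid") #opmode wpa-tkip
(Aruba650) (SSID Profile "dot1x-ssid") #opmode wpa2-aes
'''

# Strips "(host) #" and "(host) (context) #" prompts from a session line.
PROMPT = re.compile(r'^\([^)]*\)\s*(?:\(.*?\)\s*)?#\s*')
CHECKS = [
    (re.compile(r'^allow-cleartext\b'),
     "cleartext communication with the LDAP server is allowed"),
    (re.compile(r'^preferred-conn-type\s+clear-text\b'),
     "LDAP connection is unencrypted, so bind credentials cross the wire in clear"),
    (re.compile(r'^opmode\b.*\bwpa-tkip\b'),
     "SSID profile line selects deprecated WPA-TKIP"),
]

def audit(session_text):
    """Return (profile, command, finding) for each weak setting found."""
    findings, profile = [], ""
    for raw in session_text.splitlines():
        # Remove the prompt and any trailing "##" comment.
        cmd = PROMPT.sub("", raw.strip()).split("##")[0].strip()
        if cmd.startswith(("aaa ", "wlan ")):
            profile = cmd          # remember which profile we are inside
            continue
        for pattern, message in CHECKS:
            if pattern.search(cmd):
                findings.append((profile, cmd, message))
    return findings

if __name__ == "__main__":
    for profile, cmd, message in audit(SAMPLE_SESSION):
        print(f"[{profile}] {cmd}: {message}")
```

On ArubaOS the encrypted choices for `preferred-conn-type` are `ldap-s` and `start-tls`.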
3. 802.1X authentication using a RADIUS authentication server
```
(Aruba650) #configure terminal
(Aruba650) (config) #aaa authentication-server radius ias
(Aruba650) (RADIUS Server "ias") #host 172.18.50.30
(Aruba650) (RADIUS Server "ias") #key 123456
(Aruba650) (RADIUS Server "ias") #exit
```
```
(Aruba650) #aaa test-server mschapv2 ad carlos 123456
Authentication Successful
```
Points to note for the IAS configuration:
```
(Aruba650) (config) #aaa server-group dot1x-server
(Aruba650) (Server Group "dot1x-server") #no auth-server Internal
(Aruba650) (Server Group "dot1x-server") #auth-server ias
(Aruba650) (Server Group "dot1x-server") #set role condition role value-of
(Aruba650) (Server Group "dot1x-server") #exit

(Aruba650) (config) #aaa authentication dot1x dot1x-auth
(Aruba650) (802.1X Authentication Profile "dot1x-auth") #termination enable
(Aruba650) (802.1X Authentication Profile "dot1x-auth") #termination eap-type eap-peap
(Aruba650) (802.1X Authentication Profile "dot1x-auth") #termination inner-eap-type eap-mschapv2
(Aruba650) (802.1X Authentication Profile "dot1x-auth") #exit

(Aruba650) (config) #aaa profile dot1x-profile
(Aruba650) (AAA Profile "dot1x-profile") #dot1x-default-role authenticated ## Defines the default role after dot1x authentication; if no server-derived role is produced, the user gets this role
(Aruba650) (AAA Profile "dot1x-profile") #dot1x-server-group dot1x-server
(Aruba650) (AAA Profile "dot1x-profile") #authentication-dot1x dot1x-auth
(Aruba650) (AAA Profile "dot1x-profile") #exit

(Aruba650) (config) #wlan ssid-profile dot1x-ssid
(Aruba650) (SSID Profile "dot1x-ssid") #essid 802.1x
(Aruba650) (SSID Profile "dot1x-ssid") #opmode wpa-tkip
(Aruba650) (SSID Profile "dot1x-ssid") #opmode wpa2-aes
(Aruba650) (SSID Profile "dot1x-ssid") #exit

(Aruba650) (config) #wlan virtual-ap dot1x-vap
(Aruba650) (Virtual AP profile "dot1x") #aaa-profile dot1x-profile
(Aruba650) (Virtual AP profile "dot1x") #ssid-profile dot1x-ssid
(Aruba650) (Virtual AP profile "dot1x") #vlan 1
(Aruba650) (Virtual AP profile "dot1x") #exit

(Aruba650) (config) #ap-group 802xyk
(Aruba650) (AP group "802xyk") #virtual-ap dot1x-vap
(Aruba650) (AP group "802xyk") #exit
```
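All three variants rely on server-derived roles (`set role condition ... value-of` or `... equals ... set-value`) with `dot1x-default-role` as the fallback. The following added example (not from the original post, and not controller code) models that decision so a rule set can be checked against `aaa query-user` output before deployment. It assumes the first matching rule wins and that values are compared exactly; the function names are hypothetical.

```python
import re

# Rules as entered in the dot1x-server group on this page (LDAP variant).
RULES = '''
set role condition memberOf equals CN=tech1,CN=Users,DC=ruitest,DC=com set-value web-1
set role condition memberOf equals CN=tech2,CN=Users,DC=ruitest,DC=com set-value web-2
'''
# Constructed sample: a few attributes in the "aaa query-user" output format.
QUERY_USER = '''
cn: carlos
distinguishedName: CN=carlos,CN=Users,DC=ruitest,DC=com
memberOf: CN=tech1,CN=Users,DC=ruitest,DC=com
'''
RULE_RE = re.compile(
    r"set role condition (\S+) (?:equals (\S+) set-value (\S+)|(value-of))")

def parse_rules(text):
    """Extract (attribute, operand, role, is_value_of) from rule lines."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.search(line)
        if m:
            attr, operand, role, value_of = m.groups()
            rules.append((attr.lower(), operand, role, bool(value_of)))
    return rules

def parse_attributes(text):
    """Collect 'name: value' lines into {name: [values]} (names lowercased)."""
    attrs = {}
    for line in text.splitlines():
        name, sep, value = line.partition(":")
        if sep and value.strip():
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs

def derive_role(rules, attrs, default_role):
    """Assumed model: first matching rule wins, otherwise the default role."""
    for attr, operand, role, value_of in rules:
        values = attrs.get(attr, [])
        if value_of and values:
            return values[0]              # role name is the attribute value
        if not value_of and operand in values:
            return role
    return default_role

if __name__ == "__main__":
    print(derive_role(parse_rules(RULES), parse_attributes(QUERY_USER), "authenticated"))
```

A user whose `memberOf` value matches no rule silently lands in the default role, so that role's policy should be the most restrictive one that is acceptable for an authenticated user.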