
Self-Study Aruba 5.3.4 - Aruba Security Authentication - Configuring 802.1X Authentication in an Environment with a PEFNG License

2018-01-17 13:48


1. 802.1X authentication using the InterDB (internal database) authentication server

(Aruba650) #configure terminal
(Aruba650) (config) #aaa server-group dot1x-server
(Aruba650) (Server Group "dot1x-server") #auth-server Internal
(Aruba650) (Server Group "dot1x-server") #set role condition role value-of
(Aruba650) (Server Group "dot1x-server") #exit

(Aruba650) (config) #aaa authentication dot1x dot1x-auth
(Aruba650) (802.1X Authentication Profile "dot1x-auth") #termination enable
(Aruba650) (802.1X Authentication Profile "dot1x-auth") #termination eap-type eap-peap
(Aruba650) (802.1X Authentication Profile "dot1x-auth") #termination inner-eap-type eap-mschapv2
(Aruba650) (802.1X Authentication Profile "dot1x-auth") #exit

(Aruba650) (config) #aaa profile dot1x-profile
(Aruba650) (AAA Profile "dot1x-profile") #dot1x-default-role authenticated  ## default role after dot1x authentication; the user gets this role if no server-derived role is produced
(Aruba650) (AAA Profile "dot1x-profile") #dot1x-server-group dot1x-server
(Aruba650) (AAA Profile "dot1x-profile") #authentication-dot1x dot1x-auth
(Aruba650) (AAA Profile "dot1x-profile") #exit

(Aruba650) (config) #wlan ssid-profile dot1x-ssid
(Aruba650) (SSID Profile "dot1x-ssid") #essid 802.1x
(Aruba650) (SSID Profile "dot1x-ssid") #opmode wpa-tkip
(Aruba650) (SSID Profile "dot1x-ssid") #opmode wpa2-aes
(Aruba650) (SSID Profile "dot1x-ssid") #exit

(Aruba650) (config) #wlan virtual-ap dot1x-vap
(Aruba650) (Virtual AP profile "dot1x-vap") #aaa-profile dot1x-profile
(Aruba650) (Virtual AP profile "dot1x-vap") #ssid-profile dot1x-ssid
(Aruba650) (Virtual AP profile "dot1x-vap") #vlan 1
(Aruba650) (Virtual AP profile "dot1x-vap") #exit

(Aruba650) (config) #ap-group 802xyk
(Aruba650) (AP group "802xyk") #virtual-ap dot1x-vap
(Aruba650) (AP group "802xyk") #exit

(Aruba650) #local-userdb add username test1 password 123456 role web-1
(Aruba650) #local-userdb add username test2 password 123456 role web-2

2. 802.1X authentication using an LDAP authentication server

(Aruba650) #configure terminal
(Aruba650) (config) #aaa authentication-server ldap ad
(Aruba650) (LDAP Server "ad") #host 172.18.50.30
(Aruba650) (LDAP Server "ad") #admin-dn cn=rui,cn=Users,dc=ruitest,dc=com
(Aruba650) (LDAP Server "ad") #admin-passwd 123456
(Aruba650) (LDAP Server "ad") #allow-cleartext  ## permit unencrypted LDAP connections
(Aruba650) (LDAP Server "ad") #base-dn cn=Users,dc=ruitest,dc=com
(Aruba650) (LDAP Server "ad") #preferred-conn-type clear-text  ## plain LDAP without TLS; the bind password and user credentials cross the network unencrypted
(Aruba650) (LDAP Server "ad") #exit

(Aruba650) #aaa test-server pap ad carlos 123456
Authentication Successful

(Aruba650) # aaa query-user ad carlos
objectClass: top
objectClass: person
objectClass: organizationalPerson
objectClass: user
cn: carlos
sn: carlos
distinguishedName: CN=carlos,CN=Users,DC=ruitest,DC=com
instanceType: 4
whenCreated: 20180117110333.0Z
whenChanged: 20180117110404.0Z
displayName: carlos
uSNCreated: 368694
memberOf: CN=tech1,CN=Users,DC=ruitest,DC=com
uSNChanged: 368706
name: carlos
objectGUID: n\240\203\277T\345\002K\235\202y\351\372\240<\376
userAccountControl: 66048
badPwdCount: 0

(Aruba650) (config) #aaa server-group dot1x-server
(Aruba650) (Server Group "dot1x-server") #no auth-server ias
(Aruba650) (Server Group "dot1x-server") #auth-server ad
(Aruba650) (Server Group "dot1x-server") #set role condition memberOf equals CN=tech1,CN=Users,DC=ruitest,DC=com set-value web-1 ## when the returned group is tech1, the user is mapped to role web-1
(Aruba650) (Server Group "dot1x-server") #set role condition memberOf equals CN=tech2,CN=Users,DC=ruitest,DC=com set-value web-2
(Aruba650) (Server Group "dot1x-server") #exit

(Aruba650) (config) #aaa authentication dot1x dot1x-auth
(Aruba650) (802.1X Authentication Profile "dot1x-auth") #dot1x-default-role role-1 ## default role after dot1x authentication; the user gets this role if no server-derived role is produced
(Aruba650) (802.1X Authentication Profile "dot1x-auth") #termination enable
(Aruba650) (802.1X Authentication Profile "dot1x-auth") #termination eap-type eap-peap
(Aruba650) (802.1X Authentication Profile "dot1x-auth") #termination eap-type eap-tls
(Aruba650) (802.1X Authentication Profile "dot1x-auth") #no termination inner-eap-type eap-mschapv2
(Aruba650) (802.1X Authentication Profile "dot1x-auth") #termination inner-eap-type eap-gtc

(Aruba650) (config) #aaa profile dot1x-profile
(Aruba650) (AAA Profile "dot1x-profile") #dot1x-default-role authenticated  ## default role after dot1x authentication; the user gets this role if no server-derived role is produced
(Aruba650) (AAA Profile "dot1x-profile") #dot1x-server-group dot1x-server
(Aruba650) (AAA Profile "dot1x-profile") #authentication-dot1x dot1x-auth
(Aruba650) (AAA Profile "dot1x-profile") #exit

(Aruba650) (config) #wlan ssid-profile dot1x-ssid
(Aruba650) (SSID Profile "dot1x-ssid") #essid 802.1x
(Aruba650) (SSID Profile "dot1x-ssid") #opmode wpa-tkip
(Aruba650) (SSID Profile "dot1x-ssid") #opmode wpa2-aes
(Aruba650) (SSID Profile "dot1x-ssid") #exit

(Aruba650) (config) #wlan virtual-ap dot1x-vap
(Aruba650) (Virtual AP profile "dot1x-vap") #aaa-profile dot1x-profile
(Aruba650) (Virtual AP profile "dot1x-vap") #ssid-profile dot1x-ssid
(Aruba650) (Virtual AP profile "dot1x-vap") #vlan 1
(Aruba650) (Virtual AP profile "dot1x-vap") #exit

(Aruba650) (config) #ap-group 802xyk
(Aruba650) (AP group "802xyk") #virtual-ap dot1x-vap
(Aruba650) (AP group "802xyk") #exit
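
The role mapping configured above can be checked offline before it is pushed to a controller. The following Python sketch is an added example, not part of the original post and not Aruba code: it models the server group's "set role condition" rules against the attributes shown by "aaa query-user", with fallback to the AAA profile's dot1x-default-role. The function names are hypothetical, and top-to-bottom first-match evaluation with exact string comparison for "equals" is an assumption of the model.

```python
# Simplified model of server-derived role selection (added illustration).
# Assumed: rules are tried top to bottom, first match wins, "equals" is exact.
RULES = """\
set role condition memberOf equals CN=tech1,CN=Users,DC=ruitest,DC=com set-value web-1
set role condition memberOf equals CN=tech2,CN=Users,DC=ruitest,DC=com set-value web-2
"""
DEFAULT_ROLE = "authenticated"  # dot1x-default-role from the AAA profile
# Trimmed from the page's "aaa query-user ad carlos" output.
CARLOS = """\
cn: carlos
memberOf: CN=tech1,CN=Users,DC=ruitest,DC=com
"""


def parse_rules(text):
    """Return (attribute, operation, operand, role) for each derivation rule."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if tok[:3] != ["set", "role", "condition"] or len(tok) < 5:
            continue
        if tok[4] == "value-of":  # the role name is the attribute's own value
            rules.append((tok[3].lower(), "value-of", None, None))
        elif tok[4] == "equals" and "set-value" in tok:
            rules.append((tok[3].lower(), "equals", tok[5],
                          tok[tok.index("set-value") + 1]))
    return rules


def parse_attrs(text):
    """Parse 'name: value' lines into {name: [values]}; attributes may repeat."""
    attrs = {}
    for line in text.splitlines():
        name, sep, value = line.partition(": ")
        if sep:
            attrs.setdefault(name.strip().lower(), []).append(value.strip())
    return attrs


def derive_role(rules, attrs, default=DEFAULT_ROLE):
    """First matching rule supplies the role; otherwise the default role applies."""
    for attr, op, operand, role in rules:
        values = attrs.get(attr, [])
        if op == "value-of" and values:
            return values[0]
        if op == "equals" and operand in values:
            return role
    return default
```

A user whose memberOf matches neither rule falls through to the default role, so the rights granted to "authenticated" are what any directory account outside tech1 and tech2 receives.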

3. 802.1X authentication using a RADIUS authentication server

(Aruba650) #configure terminal
(Aruba650) (config) #aaa authentication-server radius ias
(Aruba650) (RADIUS Server "ias") #host 172.18.50.30
(Aruba650) (RADIUS Server "ias") #key 123456
(Aruba650) (RADIUS Server "ias") #exit

(Aruba650) #aaa test-server mschapv2 ad carlos 123456
Authentication Successful

Points to note for the IAS configuration:

(Aruba650) (config) #aaa server-group dot1x-server
(Aruba650) (Server Group "dot1x-server") #no auth-server Internal
(Aruba650) (Server Group "dot1x-server") #auth-server ias
(Aruba650) (Server Group "dot1x-server") #set role condition role value-of
(Aruba650) (Server Group "dot1x-server") #exit

(Aruba650) (config) #aaa authentication dot1x dot1x-auth
(Aruba650) (802.1X Authentication Profile "dot1x-auth") #termination enable
(Aruba650) (802.1X Authentication Profile "dot1x-auth") #termination eap-type eap-peap
(Aruba650) (802.1X Authentication Profile "dot1x-auth") #termination inner-eap-type eap-mschapv2
(Aruba650) (802.1X Authentication Profile "dot1x-auth") #exit

(Aruba650) (config) #aaa profile dot1x-profile
(Aruba650) (AAA Profile "dot1x-profile") #dot1x-default-role authenticated  ## default role after dot1x authentication; the user gets this role if no server-derived role is produced
(Aruba650) (AAA Profile "dot1x-profile") #dot1x-server-group dot1x-server
(Aruba650) (AAA Profile "dot1x-profile") #authentication-dot1x dot1x-auth
(Aruba650) (AAA Profile "dot1x-profile") #exit

(Aruba650) (config) #wlan ssid-profile dot1x-ssid
(Aruba650) (SSID Profile "dot1x-ssid") #essid 802.1x
(Aruba650) (SSID Profile "dot1x-ssid") #opmode wpa-tkip
(Aruba650) (SSID Profile "dot1x-ssid") #opmode wpa2-aes
(Aruba650) (SSID Profile "dot1x-ssid") #exit

(Aruba650) (config) #wlan virtual-ap dot1x-vap
(Aruba650) (Virtual AP profile "dot1x-vap") #aaa-profile dot1x-profile
(Aruba650) (Virtual AP profile "dot1x-vap") #ssid-profile dot1x-ssid
(Aruba650) (Virtual AP profile "dot1x-vap") #vlan 1
(Aruba650) (Virtual AP profile "dot1x-vap") #exit

(Aruba650) (config) #ap-group 802xyk
(Aruba650) (AP group "802xyk") #virtual-ap dot1x-vap
(Aruba650) (AP group "802xyk") #exit