热门标签
热门文章
- 1Android Gradle 引用本地 AAR 的几种方式
- 2车道线检测1. lanenet代码精读(记录)_lanenet ncnn
- 3git篇:仓库fork后怎么同步_gitlabfork后如何同步原仓库代码
- 4Kafka的使用(Windows中)_windows启动kafka
- 5SSM学习39:AOP通知类型:环绕通知
- 6【深度学习】OCR中的Shrink反向扩展
- 7基于opencv的人脸检测(图片、视频、摄像头)_opencv人脸检测
- 8SSM实现Excel的导入导出功能_ssm中如何把服务器的excel文件以输出流方式返回到前端
- 9ubuntu1804 安装 jdk10.0 tomcat 9.0 mysql 8.0_ubuntu1804 apt安装jdk
- 10Linux中Nginx的HTTP和HTTPS常用配置以及proxy_pass详解
当前位置: article > 正文
华三交换机开设置802.1x和mac地址认证_802.1x配置mac认证
作者:喵喵爱编程 | 2024-07-19 22:06:46
赞
踩
802.1x配置mac认证
参考:
- dot1x
-
- dot1x authentication-method eap
-
- dot1x timer reauth-period 300
-
- radius scheme leagsoft
-
- primary authentication 10.1.88.11
-
- key authentication simple leagsoft
-
- user-name-format without-domain
-
- q
-
- domain leagsoft
-
- authentication lan-access radius-scheme leagsoft none
-
- authorization lan-access radius-scheme leagsoft none
-
- accounting lan-access radius-scheme leagsoft none
-
- q
-
- mac-authentication
-
- mac-authentication domain leagsoft
-
- mac-authentication user-name-format mac-address with-hyphen lowercase
-
- domain default enable leagsoft
-
- dot1x //开启全局的802.1x
-
- dot1x authentication-method eap //设备采用eap中继认证方式
-
- dot1x timer reauth-period 300 //设置重新认证定时器值为300秒
-
- radius scheme radius-test //创建radius方案
-
- radius-test primary authentication 192.168.1.88 //配置主认证服务器192.168.1.88
-
- key authentication cipher Start123! //配置设备与radius服务器交互报文时的共享密钥为Start123!,要与radius服务器中的一致
-
- user-name-format without-domain //配置发送给radius服务器的用户名不携带域名
-
- domain radius-test //创建radius-test域
-
- authentication lan-access radius-scheme radius-test none //配置802.1x用户使用radius-test的radius方案进行认证
-
- authorization lan-access radius-scheme radius-test none //配置802.1x用户使用radius-test的radius方案进行授权
-
- accounting lan-access radius-scheme radius-test none //配置802.1x用户使用radius-test的radius方案进行计费
-
- domain default enable radius-test
-
- mac-authentication //开启全局mac地址认证
-
- mac-authentication domain radius-test //指定mac地址认证时使用的认证域
-
- mac-authentication user-name-format mac-address with-hyphen lowercase //配置mac地址认证时用户名格式,其中字母为小写,且不带连字符-
-
- interface GigabitEthernet1/0/7
-
- port access vlan 21
-
- stp edged-port
-
- dot1x //端口上开启802.1x
-
- undo dot1x handshake //关闭交换机接口握手功能
-
- dot1x mandatory-domain radius-test //指定当前端口上接入的802.1x用户使用强制认证域
-
- radius-test mac-authentication //在端口上开启mac地址认证
-
- mac-authentication domain radius-test //指定当前端口上接入的802.1x用户使用强制认证域
-
- radius-test mac-authentication timer auth-delay 10 //优先使用802.1x认证,如果认证不通过, 10秒后使用mac地址认证
附加:
- 开头
- #
- dot1x
- dot1x authentication-method eap
- #
- lldp global enable
- #
- password-recovery enable
-
-
-
- 接口
-
- interface GigabitEthernet1/0/1
- description caoningsheng
- port access vlan 1251
- dot1x
- undo dot1x handshake
- dot1x port-method portbased
- dot1x guest-vlan 421
- #
- interface GigabitEthernet1/0/2
- port access vlan 1123
- dot1x
- undo dot1x handshake
- dot1x port-method portbased
- dot1x guest-vlan 421
- #
- interface GigabitEthernet1/0/3
- port access vlan 1251
- dot1x
- undo dot1x handshake
- dot1x port-method portbased
- dot1x guest-vlan 421
- #
- interface GigabitEthernet1/0/4
- description zhanghailiang
- port access vlan 1231
- shutdown
- dot1x
- undo dot1x handshake
- dot1x port-method portbased
- dot1x guest-vlan 421
-
-
- 结尾
- #
- radius scheme system
- user-name-format without-domain
- #
- radius scheme uniaccess
- primary authentication 192.168.1.1
- secondary authentication 192.168.1.2
- key authentication simlp soft
- key accounting simlp soft
- user-name-format without-domain
- #
- domain system
- #
- domain uniaccess
- authentication lan-access radius-scheme uniaccess
- authorization lan-access radius-scheme uniaccess
- accounting lan-access radius-scheme uniaccess
- #
- domain default enable uniaccess
-
-
-
-
-
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/喵喵爱编程/article/detail/853755
推荐阅读
相关标签
