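Typical Configuration Example for 802.1X Authentication
Copyright © 2014 Hangzhou H3C Technologies Co., Ltd. All rights reserved.
No part of this document may be excerpted, reproduced, or transmitted in any form without the prior written consent of the company. The information in this document is subject to change without notice.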
Contents
1 Introduction
2 Prerequisites
3 Configuration example
3.1 Network requirements
3.2 Configuration approach
3.3 Configuration guidelines
3.4 Configuration procedure
3.4.1 Configuring the AC
3.4.2 Configuring the RADIUS server
3.5 Verifying the configuration
3.6 Configuration files
4 Related documentation
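1 Introduction
This document provides a typical configuration example for 802.1X authentication on a wireless access controller.
2 Prerequisites
This document is not strictly tied to specific software or hardware versions. If what you see on the product differs from this document, refer to the relevant product manuals or follow the actual behavior of the device.
All configurations in this document were performed and verified in a lab environment, and all device parameters were at their factory defaults before configuration. If you have already configured the device, make sure the existing configuration does not conflict with the configuration in the following example.
This document assumes that you are familiar with AAA, 802.1X, and WLAN features.
3 Configuration example
3.1 Network requirements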
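As shown in Figure 1, iMC is used as the RADIUS server. The requirements are:
• Enable 802.1X remote authentication on the AC to control Client access.
• Use EAP relay as the 802.1X authentication method.
• Use an encryption-type service template, with TKIP as the cipher suite.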
Figure 1 Network diagram for 802.1X remote authentication
[Figure: Client, AP, AC, and RADIUS server; addresses shown: 8.1.1.16/24 and 8.1.1.1/24]
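3.2 Configuration approach
• Some 802.1X clients do not support exchanging handshake packets with the device. Disable the online user handshake function on the device so that online users of this type are not forced offline for failing to answer handshake packets.
• In a WLAN, 802.1X authentication can be initiated by the client or triggered automatically when the wireless module discovers a user, so the port does not need to send 802.1X multicast packets periodically to trigger it. Multicast trigger packets also consume wireless bandwidth, so it is recommended that access devices in a WLAN disable the 802.1X multicast trigger function.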
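One way to check an exported AC configuration against the two recommendations above (an added example, not part of the original H3C document). It assumes Comware V5 command spellings (`undo dot1x handshake`, `undo dot1x multicast-trigger`, `port-security port-mode` with a `userlogin` mode) and that both features are on by default, so a missing `undo` line means the feature is still enabled; the sample configuration is constructed.

```python
import re

# Assumed Comware V5 spellings; this section of the guide does not quote them.
# Both features are assumed on by default, so a missing "undo" line means enabled.
REQUIRED = ("undo dot1x handshake", "undo dot1x multicast-trigger")
DOT1X_MODE = re.compile(r"port-security port-mode \S*userlogin")

# Constructed sample in the style of "display current-configuration" output.
SAMPLE = """\
#
interface WLAN-ESS1
 port-security port-mode userlogin-secure-ext
 undo dot1x handshake
 undo dot1x multicast-trigger
#
interface WLAN-ESS2
 port-security port-mode userlogin-secure-ext
 undo dot1x handshake
#
interface WLAN-ESS3
 port-security port-mode psk
#
"""

def audit_wlan_dot1x(config_text):
    """Map each 802.1X WLAN-ESS interface to the recommended lines it lacks."""
    findings = {}
    name, cmds = None, []

    def close_stanza():
        if name and name.upper().startswith("WLAN-ESS"):
            if any(DOT1X_MODE.match(c) for c in cmds):
                missing = [r for r in REQUIRED if r not in cmds]
                if missing:
                    findings[name] = missing

    for raw in config_text.splitlines():
        if raw.startswith("interface "):
            close_stanza()                      # previous stanza, if any
            name, cmds = raw.split(None, 1)[1].strip(), []
        elif raw[:1].isspace() and name:
            cmds.append(" ".join(raw.split()))  # normalise indentation
        else:                                   # "#" or any top-level line
            close_stanza()
            name, cmds = None, []
    close_stanza()                              # file may end mid-stanza
    return findings

if __name__ == "__main__":
    print(audit_wlan_dot1x(SAMPLE))
```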
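3.3 Configuration guidelines
• The port security feature provides extended and combined applications of 802.1X authentication through multiple security modes. Unless the network has special requirements, port security is therefore normally used in wireless environments.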