03-802.1X Authentication Typical Configuration Examples

802.1X Authentication Typical Configuration Examples

Copyright © 2014 Hangzhou H3C Technologies Co., Ltd. All rights reserved.

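No organization or individual may excerpt or reproduce any part or all of this document, or distribute it in any form, without the written permission of the company. The information in this document is subject to change without notice.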

Contents

1 Introduction
2 Prerequisites
3 Configuration example
3.1 Network requirements
3.2 Configuration approach
3.3 Configuration guidelines
3.4 Configuration procedure
3.4.1 Configuring the AC
3.4.2 Configuring the RADIUS server
3.5 Verifying the configuration
3.6 Configuration files
4 Related documentation


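1 Introduction

This document provides a typical configuration example for 802.1X authentication on a wireless controller.

2 Prerequisites

This document is not strictly tied to specific software or hardware versions. If what you see during use differs from the actual product, refer to the relevant product manuals, or treat the actual device behavior as authoritative.

All configurations in this document were made and verified in a lab environment, and all device parameters were at their factory defaults before configuration. If you have already configured the device, make sure that the existing configuration does not conflict with the configuration in the following example, so that the example works as intended.

This document assumes that you are familiar with AAA, 802.1X, and WLAN features.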

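3 Configuration example

3.1 Network requirements

In the network shown in Figure 1, iMC is used as the RADIUS server. The requirements are:

• Enable 802.1X remote authentication on the AC to control access by the Client.

• Use EAP relay as the 802.1X authentication method.

• Use a service template of the crypto (encrypted) type, with TKIP as the cipher suite.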

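Figure 1 Network diagram for 802.1X remote authentication

[Figure: network diagram with the Client, AP, AC, and RADIUS server; address labels 8.1.1.16/24 and 8.1.1.1/24]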

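3.2 Configuration approach

• Some 802.1X clients do not support exchanging handshake packets with the device. Disable the online user handshake function on the device so that online users of this type are not forced offline for failing to respond to handshake packets.

• In a wireless LAN, 802.1X authentication can be initiated by the client, or triggered automatically when the wireless module discovers a user. The port does not need to send 802.1X multicast packets periodically to trigger authentication. Multicast trigger packets also consume wireless bandwidth, so it is recommended that access devices in a wireless LAN disable the 802.1X multicast trigger function.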

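3.3 Configuration guidelines

• The port security feature provides extended and combined applications of 802.1X authentication through multiple security modes. For this reason, port security is normally used in wireless environments unless there are special networking requirements.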
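An added example, not part of the original document: a small Python check that audits a saved AC configuration against the points in sections 3.1 to 3.3. The command strings and the sample configuration are constructed and assume Comware-style syntax; this part of the document does not show the actual commands.

```python
import re

# Constructed sample in Comware-style syntax (assumed command names, not from the page).
SAMPLE_CONFIG = """\
 port-security enable
 dot1x authentication-method eap
#
wlan service-template 1 crypto
 ssid dot1x
 bind WLAN-ESS 1
 cipher-suite tkip
 service-template enable
#
interface WLAN-ESS1
 port-security port-mode userlogin-secure-ext
 undo dot1x handshake
#
"""

def parse_sections(text):
    """Split a config dump into {header: [indented lines]}; global lines go under ''."""
    sections, current = {"": []}, ""
    for raw in text.splitlines():
        if not raw.strip() or raw.strip() == "#":
            current = ""          # '#' or a blank line closes the current view
            continue
        if raw[0].isspace():
            sections[current].append(raw.strip())
        else:
            current = raw.strip()
            sections.setdefault(current, [])
    return sections

def audit(text):
    """Return findings where the config departs from the guidance in sections 3.1 to 3.3."""
    s = parse_sections(text)
    findings = []
    if "port-security enable" not in s[""]:
        findings.append("global: port security not enabled")
    if "dot1x authentication-method eap" not in s[""]:
        findings.append("global: 802.1X is not using EAP relay")
    for name, lines in s.items():
        if re.match(r"interface WLAN-ESS", name, re.I):
            # Both functions are assumed on by default, so the 'undo' line must be present.
            for feature in ("handshake", "multicast-trigger"):
                if f"undo dot1x {feature}" not in lines:
                    findings.append(f"{name}: dot1x {feature} still enabled")
        if name.startswith("wlan service-template") and "cipher-suite tkip" not in lines:
            findings.append(f"{name}: cipher suite is not TKIP")
    return findings
```

Run over the constructed sample, `audit(SAMPLE_CONFIG)` reports only the WLAN-ESS interface that still has the multicast trigger enabled.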
