FAQ-S5700 dot1x local authentication

Published: 2015-02-15
Problem description
S5700 dot1x local authentication.
Solution

1)  Create VLAN 100 and add port Port_3 to VLAN 100; create the VLANIF interface and configure its IP address;

[DUT]vlan 100

[DUT]interface gigabitethernet 0/0/1

[DUT-GigabitEthernet0/0/1]port default vlan 100

[DUT]interface vlanif 100

[DUT-vlanif100]ip address 192.168.0.10 24

 

2)  Configure the local user and the local authentication domain;

[DUT]aaa

[DUT-aaa]local-user huawei password simple hello

info: A new user added

[DUT-aaa]local-user huawei service-type 8021x

Configure local authentication domain

[DUT-aaa]authentication-scheme test

Info: Create a new authentication scheme

[DUT-aaa-authen-test]authentication-mode local

[DUT-aaa-authen-test]q

[DUT-aaa]authorization-scheme test

[DUT-aaa-author-test]authorization-mode none

[DUT-aaa-author-test]q

[DUT-aaa]domain default_admin

Info: Success to create a new domain

[DUT-aaa-domain-default_admin]authentication-scheme test

[DUT-aaa-domain-default_admin]authorization-scheme test

 

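3)  Enable 802.1x authentication globally; enable 802.1x authentication on the specified interfaces, and set the maximum number of access users on the interface to 1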

[DUT] dot1x enable

[DUT] interface gigabitethernet0/0/1

[DUT-GigabitEthernet0/0/1] dot1x enable

[DUT] interface gigabitethernet0/0/2

[DUT-GigabitEthernet0/0/2] dot1x enable
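
Added example (not part of the original FAQ and not Huawei code): a Python check that reads a saved configuration and reports where the steps above are incomplete, namely 802.1x not enabled globally or on an access port, no per-port user limit, or a local user whose password is set with the simple keyword. The sample configuration is constructed, the section layout (top-level lines separated by #, indented sub-commands) is assumed, and the user limit is assumed to appear as a dot1x max-user line, which the listing above does not show.

```python
# Constructed sample laid out like a saved configuration (not taken from the page).
SAMPLE_CONFIG = """\
dot1x enable
#
aaa
 local-user huawei password simple hello
#
interface GigabitEthernet0/0/1
 dot1x enable
#
interface GigabitEthernet0/0/2
 dot1x enable
 dot1x max-user 1
#
interface GigabitEthernet0/0/3
 port default vlan 100
"""

def parse_sections(config):
    """Map each top-level line to the indented lines that follow it."""
    sections, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line == "#":
            current = None                 # separator closes the current section
        elif not raw.startswith(" "):
            current = line                 # top-level command or section header
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections

def audit(config, access_ports):
    """Return findings: global/port 802.1x enable, per-port user limit, password storage."""
    sections = parse_sections(config)
    findings = [] if "dot1x enable" in sections else ["global: 802.1x not enabled"]
    for line in sections.get("aaa", []):
        words = line.split()
        if words[:1] == ["local-user"] and words[2:4] == ["password", "simple"]:
            findings.append(f"aaa: user {words[1]} password configured as simple (plain text)")
    for port in access_ports:
        body = sections.get(f"interface {port}", [])
        if "dot1x enable" not in body:
            findings.append(f"{port}: 802.1x not enabled")
        elif not any(l.startswith("dot1x max-user ") for l in body):  # assumed command form
            findings.append(f"{port}: no 802.1x user limit")
    return findings
```

Calling audit(SAMPLE_CONFIG, [...]) with the three sample ports returns one finding for the user huawei, one for GigabitEthernet0/0/1 (no user limit) and one for GigabitEthernet0/0/3 (802.1x not enabled).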
