FAQ-AP5010DN-AGN-FATV200R005C10SPCA00本地MAC认证配置参考

发布时间:  2016-06-25 浏览次数:  120 下载次数:  0
问题描述

AP5010DN-AGN-FATV200R005C10SPCA00做本地MAC认证配置

解决方案

配置如下:

#
mac-authen   //全局开启MAC认证
mac-authen username macaddress format with-hyphen password cipher huawei123    // V200R003版本开始由于安全需要AAA视图下创建的用户名和密码不能相同所有的终端设置相同的密码

#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default 
domain default_admin 
local-user f48e-9215-2fe5 password cipher huawei123  // AAA视图下添加终端用户密码为固定密码
local-user f48e-9215-2fe5 service-type 8021x        // 必须设置用户类型为8021x

#
interface Vlanif1
ip address 169.254.1.1 255.255.0.0
#
interface Vlanif2
ip address 192.168.2.1 255.255.255.0
dhcp select interface
#
interface GigabitEthernet0/0/0
mac-learning priority 3
#
interface Wlan-Bss0
port hybrid pvid vlan 2
port hybrid untagged vlan 2
mac-authen                                     //空口下开启MAC认证
#
wlan
wmm-profile name wp id 0
traffic-profile name tp id 0
security-profile name sp id 0
service-set name st id 0
  Wlan-Bss 0
  ssid test
  traffic-profile id 0
  security-profile id 0
radio-profile name rp id 0
  wmm-profile id 0
#
interface Wlan-Radio0/0/0
radio-profile id 0
service-set id 0 wlan 1
#
interface Wlan-Radio0/0/1
#
undo ntp-service enable
#
return
[Huawei]  

<Huawei>display  mac-authen
  MAC address authentication is Enabled.
  Username format: use MAC address with-hyphen as username
  Password type: cipher
  Fixed password: %@%@di0jHA_Xh0.0xN2.,eY-Wy-|%@%@
  Quiet period is 60s
  Authentication fail times before quiet is 1
  Offline detect period is 300s
  Server response timeout value is 120s
  Reauthenticate period is 1800s
  Guest user reauthenticate period is 60s
  Maximum users: 64
  Current users: 1
  Global domain is not configured

Wlan-Bss0 state: UP.  MAC address authentication is enabled
  Reauthentication is enabled
  Reauthen Period: 1800s
  Current users: 1      
  Authentication Success: 12, Failure: 47

Online user(s) info:
UserId   MAC/VLAN            AccessTime              UserName
------------------------------------------------------------------------------
79       f48e-9215-2fe5/2    2005/07/27 20:10:21     f48e-9215-2fe5              // 终端上线认证成功
------------------------------------------------------------------------------

Total 1,1 printed
<Huawei>   

 

END