S2700, S3700, S5700, S6700, S7700, and S9700 Series Switches Typical Configuration Examples

This document provides examples for configuring features in typical usage scenarios.
Interoperability Between Huawei Switches and Third-Party Authentication Servers

Interoperability between Huawei switches and Cisco ISE

Item Description
Types of servers that the ISE can act as
  • RADIUS authentication, accounting, and authorization servers
  • HWTACACS authentication, accounting, and authorization servers
  • Portal server
User authentication modes
  • 802.1X authentication
  • MAC address authentication
  • HTTP/HTTPS-based Portal authentication
  • Combined authentication
Authentication protocols that can be used by the 802.1X client
  • PAP
  • CHAP
  • EAP-MD5
  • EAP-TLS
  • EAP-TTLS
  • EAP-FAST
  • EAP-PEAP
Attributes that can be assigned by the ISE to successfully authenticated users
All standard RADIUS attributes and Huawei extended RADIUS attributes. The common authorization attributes include the following:
  • VLAN
  • Static ACL: Only ACL ID is specified.
  • Dynamic ACL: Both the ACL ID and rules contained in the ACL are specified.
  • Rate limiting on user packets
  • AAA service scheme
  • UCL group
Authorization for users who have not passed authentication successfully, that is, the escape function
Users in the escape state can be assigned the following attributes:
  • VLAN
  • UCL group
  • AAA service scheme: Service VLANs, voice VLANs, ACLs, UCL groups, and QoS profiles can be bound to an AAA service scheme.
Functions that can be implemented using RADIUS CoA/DM packets
  • Using RADIUS CoA packets to reauthenticate users
  • Using RADIUS CoA packets to intermittently disconnect the interface to which the authorized users are connected (supported only by switches running V200R012C00 and later versions)
  • Using RADIUS CoA packets to shut down the interface to which the authorized users are connected (supported only by switches running V200R012C00 and later versions)
  • Using RADIUS DM packets to forcibly log out users
Methods for identifying terminal types
  • DHCP packet
  • User Agent (UA) field in HTTP packets
  • RADIUS attribute
  • NMAP
  • DNS packet
Posture Service
Terminal health check: This function ensures that terminals accessing a network satisfy specified conditions, such as running a specific program and updating the patch or antivirus database to the latest version.
Guest management -
BYOD
Bring your own device (BYOD) technology allows employees to connect to enterprise networks using their own mobile terminals, identifies the terminal types, and implements authentication and authorization based on user information, device type, and device operating environment.
Free mobility
  • Single-gateway scenario: Huawei Agile Controller-Campus delivers UCL group policies to switches. The ISE delivers a UCL group to the successfully authenticated users.
  • Multi-gateway scenario: Huawei Agile Controller-Campus delivers UCL group policies to switches. The ISE delivers a UCL group to the successfully authenticated users. Virtual Extensible LAN (VXLAN) is configured on switches to transmit UCL group information between multiple gateways.

Interoperability between Huawei switches and Aruba ClearPass

Item Description
Types of servers that ClearPass can act as
  • RADIUS authentication, accounting, and authorization servers
  • HWTACACS authentication, accounting, and authorization servers
  • Portal server
User authentication modes
  • 802.1X authentication
  • MAC address authentication
  • HTTP/HTTPS-based Portal authentication
Authentication protocols that can be used by the 802.1X client
  • PAP
  • CHAP
  • EAP-GTC
  • EAP-MD5
  • EAP-TLS
  • EAP-TTLS
  • EAP-FAST
  • EAP-PEAP
Attributes that can be assigned by ClearPass to successfully authenticated users
All standard RADIUS attributes and Huawei extended RADIUS attributes. The common authorization attributes include the following:
  • VLAN
  • Static ACL: Only ACL ID is specified.
  • Dynamic ACL: Both the ACL ID and rules contained in the ACL are specified.
  • Rate limiting on user packets
  • AAA service scheme
  • UCL group
Authorization for users who have not passed authentication successfully, that is, the escape function
Users in the escape state can be assigned the following attributes:
  • VLAN
  • UCL group
  • AAA service scheme: Service VLANs, voice VLANs, ACLs, UCL groups, and QoS profiles can be bound to an AAA service scheme.
Functions that can be implemented using RADIUS CoA/DM packets
  • Using RADIUS CoA packets to reauthenticate users
  • Using RADIUS DM packets to forcibly log out users
Methods for identifying terminal types
  • DHCP packet
  • User Agent (UA) field in HTTP packets
  • SNMP packet
  • OUI (the first 24 bits of a MAC address)
Terminal health check
This function ensures that terminals accessing a network satisfy specified conditions, such as running a specific program and updating the patch or antivirus database to the latest version.
Guest management -
BYOD
BYOD technology allows employees to connect to enterprise networks using their own mobile terminals, identifies the terminal types, and implements authentication and authorization based on user information, device type, and device operating environment.
Free mobility
  • Single-gateway scenario: Huawei Agile Controller-Campus delivers UCL group policies to switches. ClearPass delivers a UCL group to the successfully authenticated users.
Updated: 2019-04-20

Document ID: EDOC1000069520
