S1720GFR, S2700, S5700, and S6720 V200R010C00 Web-based Configuration Guide

This document describes how to configure and maintain the device through the web network management system. The web network management system provides functions for viewing device information and managing the entire system, interfaces, services, ACL, QoS, routes, security, and tools.

Example of Configuring 802.1x Authentication

Networking Requirements

As shown in Figure 2-324, many users in a company access the network through GE0/0/1 of the Switch, which is used as an access device. After the network runs for a period of time, user attacks on the company intranet are detected. The administrator must control the network access rights of user terminals to ensure network security. The Switch allows user terminals to access Internet resources only after they are authenticated.

Figure 2-324  Networking diagram for configuring 802.1x authentication

Configuration Description

To control the users' network access rights, the administrator can configure 802.1x authentication on the Switch after the server with the IP address 192.168.2.30 and authentication port 1812 is configured as the RADIUS server.

The configuration roadmap is as follows:

  1. Create and configure a RADIUS server template, an AAA scheme, and an authentication domain on the Switch; bind the RADIUS server template and the AAA scheme to the ISP domain. This step implements communication between the Switch and RADIUS server.
  2. Configure 802.1x authentication on the Switch. A maximum of 200 802.1x authentication users are allowed to access an interface, preventing excessive concurrent access users.

Before configuring 802.1x authentication, you must perform the following operations in sequence:

  1. Add GE0/0/1 to VLAN 10 and GE0/0/2 to VLAN 20.
  2. Set the IP address of VLANIF 10 to 192.168.1.20 and that of VLANIF 20 to 192.168.2.29.

For detailed VLAN configuration operations, see VLAN.

NOTE:

Before configuring this example, ensure that devices can communicate with each other in the network.

Procedure

  1. Create a RADIUS template.
    1. Choose Security > AAA > RADIUS in the navigation tree to display the RADIUS page.
    2. Click Create under RADIUS Template to display the Create RADIUS Template page.
    3. Set Template name to rd1, and Key and Confirm key to huawei2012, as shown in Figure 2-325.

      Figure 2-325  Creating a RADIUS template

    4. Click OK.
  2. Configure the RADIUS authentication server.
    1. Return to the RADIUS page.
    2. Click Create under RADIUS Authentication/Accounting Server to display the Create RADIUS Authentication/Accounting Server page.
    3. Set the following parameters, as shown in Figure 2-326.

      • Select Authentication server from the Server type drop-down list box.
      • Select rd1 from the Template name drop-down list box.
      • Set IP address to 192.168.2.30.
      • Set Port to 1812.
      Figure 2-326  Configuring the RADIUS authentication server

    4. Click OK.
  3. Create and configure an AAA authentication scheme.
    1. Choose Security > AAA > AAA Scheme in the navigation tree to display the AAA Scheme page.
    2. Click Create to display the Create Authentication Scheme page.
    3. Set Authentication scheme name to abc. Select radius from the Mode1 drop-down list box, as shown in Figure 2-327.

      Figure 2-327  Creating and configuring an AAA authentication scheme

    4. Click OK.
  4. Create and configure an authentication domain.
    1. Choose Security > AAA > Domain in the navigation tree to display the Domain page.
    2. Click Create to display the Create Domain page.
    3. Set the following parameters, as shown in Figure 2-328.

      • Set Domain name to isp1.
      • Select abc from the Authentication scheme drop-down list box.
      • Select rd1 from the RADIUS template drop-down list box.
      Figure 2-328  Creating and configuring an authentication domain

    4. Click OK.
  5. Switch the NAC configuration mode.

    NOTE:
    • By default, the NAC unified mode is used. The 802.1x node is available only in the common mode. Before configuring 802.1x authentication, you need to switch the NAC configuration mode to common mode.
    • After the unified mode is switched to the common mode, you must save the configuration and restart the device to make each function in the new configuration mode take effect.

    1. Configure the next startup mode. Choose Security > AAA > Change Mode in the navigation tree to display the Change Mode page.
    2. Click Traditional, as shown in Figure 2-329.

      Figure 2-329  Switching the NAC configuration mode

    3. Click Apply. Then save the configuration and restart the device.
  6. Enable the 802.1x function globally.
    1. Choose Security > 802.1x > 802.1X Global Settings in the navigation tree to display the 802.1X Global Settings page.
    2. Select Enabled for Global 802.1X, as shown in Figure 2-330.

      Figure 2-330  Enabling the 802.1x function globally

    3. Click Apply.
  7. Configure 802.1x parameters on an interface.
    1. Choose Security > 802.1X > 802.1X Interface Settings in the navigation tree to display the 802.1X Interface Settings page.
    2. Select GE0/0/1, and then click Configure to display the Configure 802.1X Interface Parameters page.
    3. Select Enabled for Enable 802.1X, and then set Max number of users to 200, as shown in Figure 2-331.

      Figure 2-331  Configuring 802.1x parameters on an interface
      NOTE:

      The value range of Max number of users varies depending on the device type.

    4. Click OK.
  8. Click in the navigation tree.

Result

  • The configured RADIUS template rd1 and authentication server configuration are displayed on the RADIUS page, as shown in Figure 2-332.
    Figure 2-332  RADIUS template rd1 and authentication server configuration
  • The configured authentication scheme abc is displayed on the AAA Scheme page, as shown in Figure 2-333.
    Figure 2-333  Authentication scheme abc
  • The configured domain isp1 is displayed on the Domain page, as shown in Figure 2-334.
    Figure 2-334  Domain isp1
  • The interface parameter settings are displayed on the 802.1X Interface Settings page, as shown in Figure 2-335.
    Figure 2-335  Interface parameter settings
Updated: 2019-04-18

Document ID: EDOC1000114003
