NE40E V800R010C10SPC500 Configuration Guide - User Access 01

Example for Configuring 802.1X Access

This section provides an example for configuring 802.1X access.

Networking Requirements

On the network shown in Figure 8-2, configure 802.1X access so that the user can go online. The requirements are as follows:

  • The user belongs to the domain isp4 and accesses the Internet through GE 1/0/0 on the router in 802.1X mode.

  • RADIUS authentication and RADIUS accounting are used.

    NOTE:

    In the 802.1X system, the NE40E functions as a relay device, which must use the RADIUS server to transmit EAP packets.

  • The IP address of the RADIUS server is 192.168.7.249. The authentication and accounting ports are 1645 and 1646, respectively. RADIUS+1.1 is used, and the shared key is itellin.

  • The IP address of the DNS server is 192.168.7.252.

  • The network-side interface on the NE40E is GE 2/0/0.

Figure 8-2 Networking for configuring 802.1X access
NOTE:

Interface 1 and interface 2 in this example are GE 1/0/0 and GE 2/0/0, respectively.



Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure a dot1x template.

  2. Configure a BAS interface.

Data Preparation

To complete the configuration, you need the following data:

  • dot1x template name

  • Timeout period for waiting for an EAP response packet from the authentication server

  • Number of packet retransmissions by the client and timeout period

  • Number of handshake packet retransmissions between the EAP client and server and timeout period

  • RADIUS server address

  • Address pool name, gateway address, address range, and DNS server address

Procedure

  1. Configure a dot1x template.

    <HUAWEI> system-view
    [~HUAWEI] dot1x-template 4
    [*HUAWEI-dot1x-template-4] authentication timeout 20
    [*HUAWEI-dot1x-template-4] request interval 20 retransmit 3
    [*HUAWEI-dot1x-template-4] reauthentication interval 1800
    [*HUAWEI-dot1x-template-4] keepalive interval 15 retransmit 2
    [*HUAWEI-dot1x-template-4] commit
    [~HUAWEI-dot1x-template-4] quit

  2. Configure an authentication scheme.

    [~HUAWEI] aaa
    [*HUAWEI-aaa] authentication-scheme auth4
    [*HUAWEI-aaa-authen-auth4] authentication-mode radius
    [*HUAWEI-aaa-authen-auth4] commit
    [~HUAWEI-aaa-authen-auth4] quit

  3. Configure an accounting scheme.

    [~HUAWEI-aaa] accounting-scheme acct4
    [*HUAWEI-aaa-accounting-acct4] accounting-mode radius
    [*HUAWEI-aaa-accounting-acct4] commit
    [~HUAWEI-aaa-accounting-acct4] quit
    [~HUAWEI-aaa] quit

  4. Configure a RADIUS server group.

    [~HUAWEI] radius-server group rd4
    [*HUAWEI-radius-rd4] radius-server authentication 192.168.7.249 1645
    [*HUAWEI-radius-rd4] radius-server accounting 192.168.7.249 1646
    [*HUAWEI-radius-rd4] radius-server type plus11
    [*HUAWEI-radius-rd4] radius-server shared-key itellin
    [*HUAWEI-radius-rd4] commit
    [~HUAWEI-radius-rd4] quit

  5. Configure an address pool.

    [~HUAWEI] ip pool pool4 bas local
    [*HUAWEI-ip-pool-pool4] gateway 10.82.1.1 255.255.255.0
    [*HUAWEI-ip-pool-pool4] section 0 10.82.1.2 10.82.1.200
    [*HUAWEI-ip-pool-pool4] dns-server 192.168.7.252
    [*HUAWEI-ip-pool-pool4] commit
    [~HUAWEI-ip-pool-pool4] quit

  6. Configure a domain named isp4.

    [~HUAWEI] aaa
    [*HUAWEI-aaa] domain isp4
    [*HUAWEI-aaa-domain-isp4] authentication-scheme auth4
    [*HUAWEI-aaa-domain-isp4] accounting-scheme acct4
    [*HUAWEI-aaa-domain-isp4] radius-server group rd4
    [*HUAWEI-aaa-domain-isp4] ip-pool pool4
    [*HUAWEI-aaa-domain-isp4] dot1x-template 4
    [*HUAWEI-aaa-domain-isp4] commit
    [~HUAWEI-aaa-domain-isp4] quit
    [~HUAWEI-aaa] quit

  7. Configure a BAS interface.

    NOTE:

    Versions earlier than V600R007C00 do not require BAS activation by license. You can directly run the bas enable command in the slot view.

    [~HUAWEI] interface gigabitEthernet 1/0/0.1
    [*HUAWEI-GigabitEthernet1/0/0.1] user-vlan 100
    [*HUAWEI-GigabitEthernet1/0/0.1-vlan-100] quit
    [*HUAWEI-GigabitEthernet1/0/0.1] bas
    [*HUAWEI-GigabitEthernet1/0/0.1-bas] access-type layer2-subscriber
    [*HUAWEI-GigabitEthernet1/0/0.1-bas] default-domain authentication isp4
    [*HUAWEI-GigabitEthernet1/0/0.1-bas] authentication-method dot1x
    [*HUAWEI-GigabitEthernet1/0/0.1-bas] commit
    [~HUAWEI-GigabitEthernet1/0/0.1-bas] quit
    [~HUAWEI-GigabitEthernet1/0/0.1] quit

Configuration Files

#
 sysname HUAWEI
#
radius-server group rd4
 radius-server authentication 192.168.7.249 1645 weight 0
 radius-server accounting 192.168.7.249 1646 weight 0
 radius-server shared-key itellin
 radius-server type plus11
 radius-server traffic-unit kbyte
#
interface GigabitEthernet1/0/0.1
 user-vlan 100
 bas
  access-type layer2-subscriber default-domain authentication isp4
  authentication-method dot1x
#
ip pool pool4 bas local
 gateway 10.82.1.1 255.255.255.0
 section 0 10.82.1.2 10.82.1.200
 dns-server 192.168.7.252
#
dot1x-template 4
 authentication timeout 20
 request retransmit 3 interval 20
 reauthentication interval 1800
 keepalive retransmit 2 interval 15
#
aaa
 authentication-scheme auth4
 accounting-scheme acct4
 domain isp4
  authentication-scheme auth4
  accounting-scheme acct4
  radius-server group rd4
  dot1x-template 4
  ip-pool pool4
#
return
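
The domain and the BAS interface in this configuration refer to the template, schemes, server group and pool by name only, so a mistyped or missing name is easy to overlook. The following is an added example, not Huawei code or tooling: it checks a saved configuration for dangling references and a short RADIUS shared key. The function name, the indentation-based nesting of the sample and the 16-character minimum are assumptions.

```python
import re

# Constructed sample, abridged from the configuration file on this page.
CONFIG = """\
radius-server group rd4
 radius-server shared-key itellin
#
interface GigabitEthernet1/0/0.1
 bas
  access-type layer2-subscriber default-domain authentication isp4
#
ip pool pool4 bas local
#
dot1x-template 4
#
aaa
 authentication-scheme auth4
 domain isp4
  authentication-scheme auth4
  radius-server group rd4
  dot1x-template 4
  ip-pool pool4
"""

# Named objects that one section defines and another section references.
KINDS = (r"(authentication-scheme|accounting-scheme|radius-server group"
         r"|dot1x-template|ip[- ]pool|domain) (\S+)")

def audit(config, min_key_len=16):
    """Return findings; min_key_len is an assumed local policy, not a device default."""
    defined, refs, findings, section = set(), [], [], ""
    for line in config.splitlines():
        depth = len(line) - len(line.lstrip(" "))
        text = " ".join(line.split())
        section = text if depth == 0 else section   # current top-level section
        if m := re.match(KINDS, text):
            item = (m[1].replace("ip pool", "ip-pool"), m[2])
            # Top-level lines and direct children of "aaa" define; deeper lines refer.
            if depth == 0 or (section == "aaa" and depth == 1):
                defined.add(item)
            else:
                refs.append(item)
        if m := re.search(r"default-domain authentication (\S+)", text):
            refs.append(("domain", m[1]))            # BAS interface -> AAA domain
        key = re.match(r"radius-server shared-key (\S+)", text)
        if key and len(key[1]) < min_key_len:        # key as typed, as on this page
            findings.append(f"{section}: shared key has {len(key[1])} characters")
    missing = [r for r in refs if r not in defined]
    return findings + [f"{k} {n} is referenced but not defined" for k, n in missing]
```
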
Updated: 2019-01-03

Document ID: EDOC1100055031