Huawei AD + NPS + DHCP + MAC address authentication configuration (2) Huawei

Source: Internet
Author: User

Configure core switches, server switches, and access switches

Author: xiaohuan

Q253408824

650) this. width = 650; "title =" image "style =" border-top: 0px; border-right: 0px; background-image: none; border-bottom: 0px; margin: 0px; border-left: 0px; padding-top: 0px; padding-left: 0px; padding-right: 0px; "border =" 0 "alt =" image "src =" http://www.bkjia.com/uploads/allimg/131227/053200A02-0.png "height =" 365 "/>

VII,Configuring network devices (Huawei)

1,Configure the core switch Huawei S7712)

Sysname Core-Switch change host name

Vlan batch 31 32 90 100 create VLANs in batches

Int vlan 32 create and manage vlan 32 virtual Interfaces

Ip address 172.16.32.254 24 configure and manage vlan 32 gateway address

Int vlan 31 create server vlan 31 Virtual Interface

Ip address 172.16.31.254 24 Configure the server vlan 31 gateway address

Int vlan 90 create service vlan 90 Virtual Interface

Ip address 192.168.0.254 24 configure the business vlan 90 gateway address

Dhcp select relay

Dhcp relay server-ip 172.16.31.66

Configure the DHCP relay server to 172.16.31.66

Create a service vlan 100 Virtual Interface for int vlan 100

Ip address 172.16.0.254 24 configure the service vlan 100 gateway address

Dhcp select relay

Dhcp relay server-ip 172.16.31.66

Configure the DHCP relay server to 172.16.31.66

Enable DHCP service

Dhcp enable

G10/0/1 port configuration

Int G10/0/1

Description To mac-authen Switch-G1/0/24

Port link-type trunk

Port trunk pvid vlan 32

Port trunk allow-pass vlan all

G10/0/2 Interface Configuration

Int G10/0/2

Description To Server Switch-G0/0/48

Port link-type trunk

Port trunk pvid vlan 32

Port trunk allow-pass vlan all

2,Configure the server switch S5700)

Sysname Server Switch change host name

Vlan batch 31 32 create vlan 31, 32

Int Vlan 32 create and manage VLAN 32 virtual Interfaces

Ip address 172.16.32.252 24 Configuration Management ip address

Configure the default route

Ip route 0.0.0.0 0.0.0.0 172.16.32.254

Configure uplink port G0/0/48

Interface GigabitEthernet0/0/1

Description To Core-Switch-G10/0/2

Port link-type access

Port default vlan 31

Configure connection server port G0/0/1

Interface GigabitEthernet0/0/1

Description To a Windows Server 2008

Port link-type access

Port default vlan 31

3,Configure access switch (Huawei)

Sysname mac-authen Switch change host name

Vlan batch 32 90 100 batch create VLAN 32 222 and 223

Int Vlan 32 create and manage VLAN 32 virtual Interfaces

Ip address 172.16.32.253 24

The Configuration Management IP address is 172.16.32.254/24.

Create a radius Template

Radius-server template test.com

Radius-server shared-key simple test.com

Radius-server authentication 172.16.31.66 1812

Radius-server accounting 172.16.31.66 1813

Radius-server retransmit 2

Undo radius-server user-name domain-included

Configure aaa

Aaa

Authentication-scheme test.com

Authentication-mode radius

Authorization-scheme test.com

Accounting-scheme test.com

Accounting-mode radius

Domain test.com

Authentication-scheme test.com

Accounting-scheme test.com

Authorization-scheme test.com

Radius-server test.com

Enable mac address authentication globally

Mac-authen

Set mac address authentication domain

Mac-authen domain test.com

Enable DHCP service

Dhcp enable

Configure the default route

Ip route 0.0.0.0 0.0.0.0 172.16.32.254

Configure the access port G0/0/1

Port hybrid pvid vlan 100

Undo port hybrid vlan 1

Port hybridge' untagged vlan 100

Mac-authen

Mac-authen guest-vlan 90

Mac-authen max-user 1

Configure uplink port G0/0/24

Interface GigabitEthernet0/0/24

Description To Core-Switch-G10/0/1

Port link-type trunk

Port trunk pvid vlan 32

Port trunk allow-pass vlan 2 to 4094

All network devices have been configured

This article is from the "yanhuan" blog, please be sure to keep this source http://yanhuan.blog.51cto.com/1761673/1283670

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.