802.1x is a client/server-based access control and authentication protocol. It restricts unauthorized users and devices from accessing the LAN/WLAN through an access port. 802.1x authenticates users and devices connected to the vswitch ports before they can obtain the services provided by the vswitch or LAN. Until authentication succeeds, 802.1x allows only EAPoL (Extensible Authentication Protocol over LAN) data through the switch port connected to the device. After authentication succeeds, normal data can pass through the Ethernet port.
Configure the AAA Server Type
AAA server: Windows IAS
Linux FreeRADIUS
Cisco ACS
Win2003 bridging physical machine installation select wireless network card
Install the DHCP service
Internet
AAA Configuration
Create an account
Topology
Firewall:
int eth0/0
ip add 192.168.2.1 24
int eth0/0.10
vlan-type dot1q vid 10
ip add 192.168.10.1 24
int eth0/0.20
vlan-type dot1q vid 20
ip add 192.168.20.1 24
int eth0/0.30
vlan-type dot1q vid 30
ip add 192.168.30.1 24
undo insulate (firewall unblocking)
firewall zone trust
add interface eth0/0.10
add interface eth0/0.20
add interface eth0/0.30
Configure relay on the firewall:
int eth0/0.10
dhcp select relay
int eth0/0.20
dhcp select relay
int eth0/0.10
ip relay address 192.168.30.100
int eth0/0.20
ip relay address 192.168.30.100
Vswitch
system-view
int vlan-interface 1
ip add 192.168.2.10 255.255.255.0
quit
ip route-static 0.0.0.0 0.0.0.0 192.168.2.1 (gateway, default route)
dot1x
int e1/0/10
dot1x
int e1/0/20
dot1x
local-user user1
password simple 123456
service-type lan-access
system-view
vlan 10
port e1/0/10
vlan 20
port e1/0/20
vlan 30
port e1/0/22
int e1/0/24
port link-type trunk
port trunk permit vlan all
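An added example, not part of the original article: a Python check that walks the switch commands above and reports whether 802.1X is enabled globally, which VLAN member ports have no port-level dot1x, and which local users are created with a cleartext `password simple` entry. The `audit` function, its simplified view tracking, and the rule that dot1x must be on both globally and per port are assumptions of this example; the sample input is constructed from the commands on this page.

```python
# Constructed sample input: this page's switch commands, lowercased, typos fixed.
SAMPLE = """\
dot1x
int e1/0/10
dot1x
int e1/0/20
dot1x
local-user user1
password simple 123456
service-type lan-access
system-view
vlan 10
port e1/0/10
vlan 20
port e1/0/20
vlan 30
port e1/0/22
int e1/0/24
port link-type trunk
port trunk permit vlan all
"""

def audit(commands):
    """Track the current CLI view per typed command and collect 802.1X findings."""
    view, name, global_dot1x = "system", None, False
    dot1x_ports, trunks, vlan_of, cleartext_users = set(), set(), {}, []
    for w in (l.split() for l in commands.lower().splitlines() if l.strip()):
        if w[0] in ("int", "interface") and len(w) > 1:
            view, name = "interface", "".join(w[1:])      # enter interface view
        elif w[0] == "vlan" and len(w) == 2 and w[1].isdigit():
            view, name = "vlan", int(w[1])                # enter VLAN view
        elif w[0] == "local-user" and len(w) == 2:
            view, name = "user", w[1]                     # enter local-user view
        elif w[0] in ("quit", "system-view"):
            view, name = "system", None
        elif w == ["dot1x"] and view == "interface":
            dot1x_ports.add(name)                         # port-level enable
        elif w == ["dot1x"] and view == "system":
            global_dot1x = True                           # global enable
        elif view == "vlan" and w[0] == "port" and len(w) == 2:
            vlan_of[w[1]] = name                          # access port joins VLAN
        elif view == "interface" and w[:3] == ["port", "link-type", "trunk"]:
            trunks.add(name)
        elif view == "user" and w[0] == "password" and len(w) > 2 \
                and "simple".startswith(w[1]):            # accepts abbreviation "sim"
            cleartext_users.append(name)
    # VLAN member ports that are neither trunks nor 802.1X-enabled need review.
    open_ports = {p: v for p, v in vlan_of.items()
                  if p not in dot1x_ports and p not in trunks}
    return {"global_dot1x": global_dot1x, "cleartext_users": cleartext_users,
            "open_access_ports": open_ports, "trunks": sorted(trunks)}
```

On the sample, the only access port reported without dot1x is e1/0/22 in VLAN 30, so the output is a list to confirm against the intended topology rather than a list of errors.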
AAA Configuration:
system-view
int vlan-interface 1
ip add 192.168.10.200 24
dot1x
int e1/0/12
dot1x
radius scheme ***
?
primary authentication 192.168.10.220
accounting optional
server-type standard
key authentication
domain tec (domain name)
radius scheme ***
access-limit enable 10 (number of allowed connections)
accounting optional
radius scheme ***
user-name-format without-domain
dis cu
domain default enable tec (domain name not required)
This article is from the "Dan Ning yuan" blog; please be sure to keep this source: http://ningxiaoyuan.blog.51cto.com/7600075/1274567