華為AC配置802.1X認證
阿新 • • 發佈:2018-06-13
dot1x<AC6005>system-view
[AC6005]vlan batch 10 to 14
[AC6005]int vlan 10
[AC6005-Vlanif10]ip address 192.168.10.254 24
[AC6005-Vlanif10]quit
[AC6005]capwap source interface vlan 10
[AC6005-radius-radius_temp]quit
[AC6005]radius-server authorization 192.168.14.254 shared-key simple 123456
[AC6005-aaa-accounting-account_scheme]accounting realtime 15
[AC6005-aaa-accounting-account_scheme]quit
[AC6005-aaa]domain radius_domain #配置全局默認域
[AC6005-aaa-domain-radius_domain]authentication-scheme auth_scheme
[AC6005-aaa-domain-radius_domain]accounting-scheme account_scheme
[AC6005-aaa-domain-radius_domain]quit
[AC6005]dot1x-access-profile name 802.1X
[AC6005-dot1x-access-profile-802.1X]quit
[AC6005]authentication-profile name authen_802.1X
[AC6005-authentication-profile-authen_802.1X]dot1x-access-profile 802.1X
[AC6005-authentication-profile-authen_802.1X]authentication-scheme authen_scheme
[AC6005-authentication-profile-authen_802.1X]radius-server radius_temp
[AC6005-authentication-profile-authen_802.1X]quit
[AC6005]wlan
[AC6005-wlan-view]security-profile name sec_802.1X
[AC6005-wlan-sec-prof-sec_802.1X]security wpa2 dot1x aes
[AC6005-wlan-sec-prof-sec_802.1X]quit
[AC6005-wlan-view]vap-profile name wlan_vap
[AC6005-wlan-vap-prof-wlan_vap]forward-mode direct-forward
[AC6005-wlan-vap-prof-wlan_vap]service-vlan vlan-id 12
[AC6005-wlan-vap-prof-wlan_vap]security-profile sec_802.1X
[AC6005-wlan-vap-prof-wlan_vap]ssid-profile wlan-ssid
[AC6005-wlan-vap-prof-wlan_vap]authentication-profile 802.1X
[AC6005-wlan-vap-prof-wlan_vap]
[AC6005]vlan batch 10 to 14
[AC6005]int vlan 10
[AC6005-Vlanif10]ip address 192.168.10.254 24
[AC6005-Vlanif10]quit
[AC6005]capwap source interface vlan 10
[AC6005]wlan
[AC6005-wlan-view]ap auth-mode no-auth
[AC6005]radius-server template radius_temp
[AC6005-radius-radius_temp]radius-server authentication 192.168.14.254 1812
[AC6005-radius-radius_temp]quit
[AC6005]radius-server authorization 192.168.14.254 shared-key simple 123456
[AC6005]aaa
[AC6005-aaa]authentication-scheme auth_scheme
[AC6005-aaa-authen-auth_scheme]authentication-mode radius
[AC6005-aaa]accounting-scheme account_scheme
[AC6005-aaa-accounting-account_scheme]accounting realtime 15
[AC6005-aaa-accounting-account_scheme]quit
[AC6005-aaa]domain radius_domain #配置全局默認域
[AC6005-aaa-domain-radius_domain]authentication-scheme auth_scheme
[AC6005-aaa-domain-radius_domain]accounting-scheme account_scheme
[AC6005-aaa-domain-radius_domain]quit
[AC6005]dot1x-access-profile name 802.1X
[AC6005-dot1x-access-profile-802.1X]quit
[AC6005]authentication-profile name authen_802.1X
[AC6005-authentication-profile-authen_802.1X]dot1x-access-profile 802.1X
[AC6005-authentication-profile-authen_802.1X]authentication-scheme authen_scheme
[AC6005-authentication-profile-authen_802.1X]radius-server radius_temp
[AC6005-authentication-profile-authen_802.1X]quit
[AC6005]wlan
[AC6005-wlan-view]security-profile name sec_802.1X
[AC6005-wlan-sec-prof-sec_802.1X]security wpa2 dot1x aes
[AC6005-wlan-sec-prof-sec_802.1X]quit
[AC6005-wlan-view]vap-profile name wlan_vap
[AC6005-wlan-vap-prof-wlan_vap]forward-mode direct-forward
[AC6005-wlan-vap-prof-wlan_vap]service-vlan vlan-id 12
[AC6005-wlan-vap-prof-wlan_vap]security-profile sec_802.1X
[AC6005-wlan-vap-prof-wlan_vap]ssid-profile wlan-ssid
[AC6005-wlan-vap-prof-wlan_vap]authentication-profile 802.1X
[AC6005-wlan-vap-prof-wlan_vap]
華為AC配置802.1X認證