Configuring 802.1x Remote Authentication

Topology

Specification

Applicable to all versions and forms of AR routers.

Network Requirements

The PC accesses the network through the Router. To secure network access, users must pass 802.1x authentication before they are allowed onto the network. Two RADIUS servers provide authentication: the server at 10.10.10.1/24 is the primary authentication server and the server at 10.10.10.2/24 is the backup authentication server. When the primary server is unavailable, the Router can switch to the backup server in as little as 3 seconds.

Procedure

1. Configuration on the Router

  V200R007 and earlier versions:

    #
    vlan batch 10
    #
    dot1x enable
    #
    radius-server template shiva //Configure RADIUS server template shiva
     radius-server shared-key cipher %^%#Q75cNQ6IF(e#L4WMxP~%^7'u17,]D87GO{"[o]`D%^%#
     radius-server authentication 10.10.10.1 1812 //Configure the primary RADIUS authentication server
     radius-server authentication 10.10.10.2 1812 secondary //Configure the RADIUS secondary authentication server
    #
    aaa
     authentication-scheme scheme0 //Create an authentication scheme named scheme0
      authentication-mode radius
     domain huawei //Configure the domain named huawei
      authentication-scheme scheme0
      radius-server shiva
    #
    interface Vlanif10
     ip address 192.168.1.2 255.255.255.0
    #
    interface Ethernet2/0/0
     port link-type access
     port default vlan 10
     dot1x enable
    #

  V200R008 and later versions:

    #
    vlan batch 10
    #
    authentication-profile name p1
     dot1x-access-profile d1 //Bind 802.1x access profile d1 to authentication profile p1
    #
    radius-server template shiva //Configure RADIUS server template shiva
     radius-server shared-key cipher %^%#Q75cNQ6IF(e#L4WMxP~%^7'u17,]D87GO{"[o]`D%^%#
     radius-server authentication 10.10.10.1 1812 //Configure the primary RADIUS authentication server
     radius-server authentication 10.10.10.2 1812 secondary //Configure the RADIUS secondary authentication server
    #
    aaa
     authentication-scheme scheme0 //Create an authentication scheme named scheme0
      authentication-mode radius
     domain huawei //Configure the domain named huawei
      authentication-scheme scheme0
      radius-server shiva
    #
    interface Vlanif10
     ip address 192.168.1.2 255.255.255.0
    #
    interface Ethernet2/0/0
     port link-type access
     port default vlan 10
     authentication-profile p1 //Bind authentication profile p1 to the interface
    #
    dot1x-access-profile name d1

2. Verifying the configuration

On the RADIUS server, add the user user1@huawei with the password Huawei@2012. Set the shared key on the server to the same value as on the router; in this example it is radius. After the client authenticates successfully, run the display access-user command and check that the Username field shows user1@huawei and the corresponding Status field shows Success.

Configuration Notes

  • The authentication port value on the router and RADIUS server must be consistent.
  • The shared key on the router and RADIUS server must be consistent.
  • There must be a reachable route between the router and the RADIUS server.
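
A check for the binding chain used in the listings above, as an added example that is not part of the original guide or of Huawei tooling: it parses a saved configuration and reports access ports with no complete 802.1x binding, RADIUS templates with no secondary server, and an aaa view with no RADIUS authentication mode. The function names, the finding texts and the trimmed sample are assumptions made for this example.

```python
# Constructed sample: the V200R008+ listing from this page, trimmed; shared key omitted.
SAMPLE = """\
authentication-profile name p1
 dot1x-access-profile d1
radius-server template shiva
 radius-server authentication 10.10.10.1 1812
 radius-server authentication 10.10.10.2 1812 secondary
aaa
 authentication-scheme scheme0
  authentication-mode radius
 domain huawei
  authentication-scheme scheme0
  radius-server shiva
interface Ethernet2/0/0
 port link-type access
 authentication-profile p1
dot1x-access-profile name d1
"""

def sections(cfg):
    """Map each unindented line to the stripped lines nested under it."""
    out, cur = {}, None
    for raw in cfg.splitlines():
        line = raw.split("//")[0].rstrip()  # drop the guide's // annotations
        if line and line != "#":
            if raw[0] != " ":
                cur = out.setdefault(line, [])
            elif cur is not None:
                cur.append(line.strip())
    return out

def audit(cfg):
    """Return findings; an empty list means the 802.1x chain is complete."""
    s, bad = sections(cfg), []
    for name, body in s.items():
        if name.startswith("radius-server template "):
            auth = [l.split() for l in body if l.startswith("radius-server authentication ")]
            if not any(a[-1] == "secondary" for a in auth):
                bad.append(f"{name}: no secondary authentication server")
        if name.startswith("interface ") and "port link-type access" in body:
            # V200R008+: interface -> authentication-profile -> dot1x-access-profile
            prof = [l.split()[1] for l in body if l.startswith("authentication-profile ")]
            d1x = [l.split()[1] for p in prof for l in s.get(f"authentication-profile name {p}", [])
                   if l.startswith("dot1x-access-profile ")]
            # V200R007 and earlier: "dot1x enable" directly on the port
            if "dot1x enable" not in body and not any(f"dot1x-access-profile name {d}" in s for d in d1x):
                bad.append(f"{name}: access port has no complete 802.1x binding")
    if "authentication-mode radius" not in s.get("aaa", []):
        bad.append("aaa: no authentication scheme uses RADIUS")
    return bad
```

Running audit() on the text of a saved configuration before and after a change shows whether an edit left an access port unauthenticated or removed the backup server.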
