Configuring 802.1x Remote Authentication

Topology

Specification

Applicable to all versions and forms of AR routers.

Network Requirements

The PC accesses the network through the Router. To ensure network security, users must pass 802.1x authentication before they can access the network. Two RADIUS servers provide authentication: the server with IP address 10.10.10.1/24 is the primary authentication server, and the server with IP address 10.10.10.2/24 is the backup authentication server. When the primary server is unavailable, the Router can switch to the backup server in as little as 3 seconds.

Procedure

1. Configuration on the Router

  V200R007 and earlier versions:

    #
    vlan batch 10
    #
    dot1x enable
    #
    radius-server template shiva //Configure RADIUS server template shiva
     radius-server shared-key cipher %^%#Q75cNQ6IF(e#L4WMxP~%^7'u17,]D87GO{"[o]`D%^%#
     radius-server authentication 10.10.10.1 1812 //Configure the primary RADIUS authentication server
     radius-server authentication 10.10.10.2 1812 secondary //Configure the RADIUS secondary authentication server
    #
    aaa
     authentication-scheme scheme0 //Create an authentication scheme named scheme0
      authentication-mode radius
     domain huawei //Configure the domain named huawei
      authentication-scheme scheme0
      radius-server shiva
    #
    interface Vlanif10
     ip address 192.168.1.2 255.255.255.0
    #
    interface Ethernet2/0/0
     port link-type access
     port default vlan 10
     dot1x enable
    #

  V200R008 and later versions:

    #
    vlan batch 10
    #
    authentication-profile name p1
     dot1x-access-profile d1 //Bind 802.1x access profile d1 to authentication profile p1
    #
    radius-server template shiva //Configure RADIUS server template shiva
     radius-server shared-key cipher %^%#Q75cNQ6IF(e#L4WMxP~%^7'u17,]D87GO{"[o]`D%^%#
     radius-server authentication 10.10.10.1 1812 //Configure the primary RADIUS authentication server
     radius-server authentication 10.10.10.2 1812 secondary //Configure the RADIUS secondary authentication server
    #
    aaa
     authentication-scheme scheme0 //Create an authentication scheme named scheme0
      authentication-mode radius
     domain huawei //Configure the domain named huawei
      authentication-scheme scheme0
      radius-server shiva
    #
    interface Vlanif10
     ip address 192.168.1.2 255.255.255.0
    #
    interface Ethernet2/0/0
     port link-type access
     port default vlan 10
     authentication-profile p1 //Bind authentication profile p1 to the interface
    #
    dot1x-access-profile name d1

2. Verifying the configuration

Add user user1@huawei to the RADIUS server, with password Huawei@2012. The shared key on the RADIUS server must be the same as the one on the router; here it is configured as radius. After the client authenticates successfully, run the display access-user command and check that the Username field contains the user name user1@huawei and that the corresponding Status field displays Success.

Configuration Notes

  • The authentication port value on the router and RADIUS server must be consistent.
  • The shared key on the router and RADIUS server must be consistent.
  • A reachable route must exist between the router and the RADIUS server.
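
An offline audit of a saved router configuration against the setup described above, as an added example that is not from the original page or from Huawei. It assumes the command syntax shown on this page and the one-space indentation that the router uses when it displays its configuration; the names `SAMPLE`, `sections` and `audit` are hypothetical.

```python
# Added example (not from the original page). SAMPLE is a constructed
# configuration in the page's V200R008 style; <ciphertext> is a placeholder.
SAMPLE = """\
authentication-profile name p1
 dot1x-access-profile d1
#
radius-server template shiva
 radius-server shared-key cipher <ciphertext>
 radius-server authentication 10.10.10.1 1812
 radius-server authentication 10.10.10.2 1812 secondary
#
interface Ethernet2/0/0
 port link-type access
 port default vlan 10
 authentication-profile p1
"""

def sections(config):
    """Map each top-level command to the stripped sub-commands beneath it."""
    out, current = {}, None
    for line in config.splitlines():
        if line.strip() in ("", "#"):
            current = None
        elif not line.startswith(" "):
            current = out.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return out

def audit(config):
    """Return findings; an empty list means every check passed."""
    sec, findings = sections(config), []
    for head, body in sec.items():
        if head.startswith("radius-server template "):
            servers = [l for l in body if l.startswith("radius-server authentication ")]
            if not any(l.startswith("radius-server shared-key ") for l in body):
                findings.append(f"{head}: no shared key")
            if not any(not s.endswith(" secondary") for s in servers):
                findings.append(f"{head}: no primary server")
            if not any(s.endswith(" secondary") for s in servers):
                findings.append(f"{head}: no secondary server")
        elif head.startswith("interface ") and "port link-type access" in body:
            profiles = [l.split()[1] for l in body
                        if l.startswith("authentication-profile ")]
            bound = any(c.startswith("dot1x-access-profile ") for p in profiles
                        for c in sec.get(f"authentication-profile name {p}", []))
            if "dot1x enable" not in body and not bound:
                findings.append(f"{head}: access port without 802.1x")
    return findings
```

The interface check accepts either form from the procedure: `dot1x enable` on the port (V200R007 and earlier) or an authentication profile that itself binds an 802.1x access profile (V200R008 and later).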
