You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Version 1 Current »

Настройки коммутатора в данном примере сделаны для модели S5720, но подойдут для подавляющего большинства других моделей коммутаторов Huawei уровня доступа.


authentication-profile name dot1xmac_authen_profile
 dot1x-access-profile wnam_dot1x_access_profile
 mac-access-profile mac_access_profile
 authentication dot1x-mac-bypass
 authentication ip-address in-accounting-start
authentication-profile name mac_authen_profile
 mac-access-profile mac_access_profile
 authentication dot1x-mac-bypass
 authentication ip-address in-accounting-start
#
radius-server dead-interval 300
radius-server dead-count 65500
radius-server max-unresponsive-interval 7200
radius-server authorization attribute-decode-sameastemplate
#
dhcp enable
#
dhcp snooping enable
#
radius-server template wnam_radius
 radius-server shared-key cipher wnam_radius
 radius-server authentication 172.16.133.12 1812 weight 80
 radius-server accounting 172.16.133.12 1813 weight 80
 radius-server dead-time 65000
 radius-server nas-port-id-format vendor 9
 radius-server detect-server interval 3600
 radius-server detect-server timeout 1
 calling-station-id mac-format colon-split mode2 uppercase
radius-server session-manage 172.16.133.12 shared-key cipher wnam_radius
radius-server authorization 172.16.135.12 shared-key cipher wnam_radius server-group wnam_radius
#
aaa
 authentication-scheme radius
  authentication-mode radius
 accounting-scheme default
  accounting-mode radius
 domain default
  authentication-scheme radius
  accounting-scheme default
  radius-server wnam_radius
#
interface GigabitEthernet0/0/1
 port link-type hybrid
 port hybrid pvid vlan 409
 port hybrid untagged vlan 409
 authentication-profile dot1xmac_authen_profile
 lldp compliance cdp txrx
#
interface GigabitEthernet0/0/2
 port link-type hybrid
 port hybrid untagged vlan 127 to 128
 authentication-profile dot1xmac_authen_profile
 lldp compliance cdp txrx
#
dot1x-access-profile name wnam_dot1x_access_profile
#
mac-access-profile name mac_access_profile


Команды для траблшутинга:

display dot1x interface  GigabitEthernet 0/0/1
display authentication interface gi0/0/1
display mac-authen interface gi0/0/1
display access-user interface gi0/0/1 detail 

Не забывайте про команду "save all"
 

  • No labels