Zte ZXR10 5900 Series - Dot1 x Local Authentication Application

To Next Page

To Previous Page

Chapter12DOT1XConguration

ThecriteriaisthatInternetresourcescanonlybeaccessedthrough

theauthenticationhostandonlyenterprisenetworkresourcescan

beaccessedbyotherhosts.

�Dividethehostsintheenterpriseintoasub-network(ormul-

tiplesub-networks),wherethehostscanaccesseachother .

�Enablethe802.1XtrunkfunctionontheEthernetswitchinside

thesub-networkandenable802.1XauthenticationontheEth-

ernetportofthesub-networkgateway.

�Donotchargeusersinsidetheenterprise,andonlyauthenti-

catethemontheRadiusserver .Themaster/slaveauthentica-

tionserversare10.1.1.1/10.1.1.2respectively.Itisassumed

thattheenterpriseusesthe2826EEthernetswitchinsideit

andgatewayusestheZXR105900/5200.

2826Econguration:

Setdot1xreleyenable

ZXR105900/5200conguration:

ZXR10(config)#radiusauthentication-group1

ZXR10(config-authgrp-1)#server110.1.1.1keyaaazteport1812

ZXR10(config-authgrp-1)#server210.1.1.2keyaaazteport1812

ZXR10(config-authgrp-1)#exit

ZXR10(config)#nas

ZXR10(config-nas)#createaaa1portgei_1/1

ZXR10(config-nas)#aaa1controldot1xenable

ZXR10(config-nas)#aaa1authenticationradius

ZXR10(config-nas)#aaa1authorizationauto

ZXR10(config-nas)#aaa1accountingdisable

ZXR10(config-nas)#aaa1multiple-hostsenable

ZXR10(config-nas)#aaa1default-ispzte163.net

ZXR10(config-nas)#aaa1fullaccountdisable

ZXR10(config-nas)#aaa1radius-serverauthentication1

Dot1xLocalAuthentication

Application

IntheapplicationsshowninFigure29andFigure30,theenter-

prisewantstoregisterthenetworkcardaddressofeachhost.

OnlytheMACaddressofthenetworkcardischeckedwhenthe

userusesanyaccounttologinfromthedot1xclient.Usercan

loginonlywhenaddressislegal.Inaddition,enterprisenumbers

eachMACaddressandsumsupInternetaccessdurationofthe

userbasedonthenumber .ZXR105900/5200canimplementthe

applicationrequirement.AuthenticatoradoptsZXR105900/5200,

asshowninFigure29andFigure30,toimplementtheapplication

congurationasfollows:

ZXR10(config)#radiusaccounting-group1

ZXR10(config-acctgrp-1)#server110.1.1.1keyaaazteport

ZXR10(config-acctgrp-1)#server210.1.1.2keyaaazteport

ZXR10(config-acctgrp-1)#exit

ZXR10(config)#nas

ZXR10(config-nas)#createaaa1portgei_1/1

ZXR10(config-nas)#aaa1controldot1xenable

ZXR10(config-nas)#aaa1authenticationlocal

ZXR10(config-nas)#aaa1authorizationauto

ZXR10(config-nas)#aaa1accountingdisable

CondentialandProprietaryInformationofZTECORPORATION139

Main Page

Zte ZXR10 5900 Series - Dot1 x Local Authentication Application

Table of Contents

Other manuals for Zte ZXR10 5900 Series

Related product manuals