EasyManua.ls Logo

Zte ZXR10 8900 Series - Dot1 X Local Authentication Application

Zte ZXR10 8900 Series
186 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Chapter11DOT1xConguration
Enable802.1XrelayfunctiononEthernetswitchinsidesub-
networkandenable802.1XauthenticationonEthernetportof
thesub-networkgateway.
Donotchargeusersinsideenterprise,andonlyauthenticate
themontheRadiusserver .Master/slaveauthentication
serversare10.1.1.1/10.1.1.2respectively.Itisassumed
thatenterpriseuses2826EEthernetswitchinsideitanduses
ZXR108905Ethernetswitchasthegateway.
Congurationon2826E:
Setdot1xreleyenable
CongurationonZXR108905:
ZXR10(config)#radiusauthentication-group1
ZXR10(config-authgrp-1)#server110.1.1.1masterkeyaaazte
port1812
ZXR10(config-authgrp-1)#server210.1.1.2keyaaazteport1812
ZXR10(config-authgrp-1)#exit
ZXR10(config)#nas
ZXR10(config-nas)#createaaa1portfei_1/1
ZXR10(config-nas)#aaa1controldot1xenable
ZXR10(config-nas)#aaa1authorizationauto
ZXR10(config-nas)#aaa1accountingdisable
ZXR10(config-nas)#aaa1multiple-hostsenable
ZXR10(config-nas)#aaa1default-ispzte163.net
ZXR10(config-nas)#aaa1fullaccountdisable
ZXR10(config-nas)#aaa1radius-serverauthentication1
Dot1xLocalAuthentication
Application
IntheapplicationsofDot1xradiusauthenticationandDot1xrelay
authentication,enterprisewantstoregisternetworkcardaddress
ofeachhost.Whenuserlogsinfromthedot1xclient,onlyMAC
addressofthenetworkcardischecked.Usercanloginonlywhen
addressislegal.
EnterprisenumbersforeachMACaddressandInternetaccessdu-
rationoftheuserisbasedonthenumber .AZXR108908switch
worksastheauthenticatoranditcanimplementtheapplication
requirement.Theapplicationcongurationisshownbelow.
ZXR10(config)#nas
ZXR10(config-nas)#createaaa1portfei_1/1
ZXR10(config-nas)#aaa1controldot1xenable
ZXR10(config-nas)#aaa1authorizationauto
ZXR10(config-nas)#aaa1accountingdisable
ZXR10(config-nas)#aaa1multiple-hostsenable
ZXR10(config-nas)#aaa1default-ispzte163.net
ZXR10(config-nas)#aaa1fullaccountdisable
ZXR10(config-nas)#aaa1authenticationlocal
ZXR10(config-nas)#createlocaluser1nameA0001
ZXR10(config-nas)#localuser1mac00d0.d0d0.1234
ZXR10(config-nas)#createlocaluser2nameA0002
ZXR10(config-nas)#localuser2mac00d0.d0d0.1456
ZXR10(config-nas)#createlocaluser3nameA0003
ZXR10(config-nas)#localuser3mac00d0.d0d0.1689
Intheaboveconguration,localauthenticationfunctionontheau-
thenticatorswitchisenabledtoimplementtheapplicationrequire-
mentoftheenterprise.Accordingtotheaboveconguration,only
CondentialandProprietaryInformationofZTECORPORATION119

Table of Contents

Other manuals for Zte ZXR10 8900 Series

Preview: Command Reference
Command Reference147 pages
Preview: Command Manual
Command Manual177 pages
Preview: Hardware Manual
Hardware Manual131 pages
Preview: Hardware Installation Manual
Hardware Installation Manual109 pages
Preview: Instructions
Instructions14 pages

Related product manuals