华为无线控制器启用802.1X认证配置

夙愿已清 提交于 2020-08-04 23:36:03

第一步、配置基础配置

<AC6005>system-view
[AC6005]vlan batch 10 to 14
[AC6005]int vlan 10
[AC6005-Vlanif10]ip address 192.168.10.254 24
[AC6005-Vlanif10]quit



[AC6005]int g0/0/1
[AC6005-GigabitEthernet0/0/1]port link-type trunk
[AC6005-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[AC6005-GigabitEthernet0/0/1]quit



[AC6005]capwap source interface vlan 10

第二步、wlan配置

[AC6005]wlan
[AC6005-wlan-view]ap auth-mode no-auth


[AC6005-wlan-view]regulatory-domain-profile name CN    
[AC6005-wlan-regulate-domain-CN]country-code CN
[AC6005-wlan-regulate-domain-CN]quit

[AC6005-wlan-view]ap-group name ap-group    
[AC6005-wlan-ap-group-ap-group]regulatory-domain-profile CN
Warning: Modifying the country code will clear channel, power and antenna gain c
onfigurations of the radio and reset the AP. Continue?[Y/N]:Y
[AC6005-wlan-ap-group-ap-group]quit









[AC6005-wlan-view]ssid-profile name wlan-ssid
[AC6005-wlan-ssid-prof-wlan-ssid]ssid 802.1X
Warning: This action may cause service interruption. Continue?[Y/N]y




[AC6005-wlan-view]security-profile name sec_802.1X  #创建终端接入安全模板

[AC6005-wlan-sec-prof-sec_802.1X]security wpa2 dot1x aes #认证方式dot1x

[AC6005-wlan-sec-prof-sec_802.1X]quit


[AC6005-wlan-view]vap-profile name wlan_vap
[AC6005-wlan-vap-prof-wlan_vap]forward-mode direct-forward
[AC6005-wlan-vap-prof-wlan_vap]service-vlan vlan-id 11
[AC6005-wlan-vap-prof-wlan_vap]security-profile sec_802.1X
[AC6005-wlan-vap-prof-wlan_vap]ssid-profile wlan-ssid



第三步、认证部分配置

[AC6005]radius-server template radius_temp #创建radius服务器模板

[AC6005-radius-radius_temp]radius-server authentication 192.168.14.254 1812 #radius认证服务器地址为192.168.14.254,认证端口1812
[AC6005-radius-radius_temp]radius-server accounting 192.168.14.254 1813

[AC6005-radius-radius_temp]radius-server shared-key cipher 123456 #设置预共享密钥123456

[AC6005-radius-radius_temp]radius-server user-name original  #设备向RADIUS服务器发送的用户名为用户原始输入的用户名

[AC6005-radius-radius_temp]undo radius-server user-name domain-included #输入用户名之后不需要附带域名

[AC6005-radius-radius_temp]quit
[AC6005]radius-server authorization 192.168.14.254 shared-key simple 123456 #radius授权服务器地址为192.168.14.254


[AC6005]aaa
[AC6005-aaa]authentication-scheme auth_scheme #创建认证方案
[AC6005-aaa-authen-auth_scheme]authentication-mode radius #认证模式为radius

[AC6005-aaa]accounting-scheme account_scheme #创建计费方案  
[AC6005-aaa-accounting-account_scheme]accounting-mode radius #计费模式为radius
[AC6005-aaa-accounting-account_scheme]accounting realtime 15 #设置计费周期15分钟





[AC6005-aaa-accounting-account_scheme]quit

[AC6005-aaa]domain radius_domain #创建域
[AC6005-aaa-domain-radius_domain]authentication-scheme auth_scheme #绑定认证方案
[AC6005-aaa-domain-radius_domain]accounting-scheme account_scheme #绑定计费方案
[AC6005-aaa-domain-radius_domain]radius-server radius_temp #绑定radius服务器模板
[AC6005-aaa-domain-radius_domain]quit

[AC6005]dot1x-access-profile name 802.1X #创建dot1x模板







[AC6005-dot1x-access-profile-802.1X]quit
[AC6005]authentication-profile name authen_802.1X #创建认证模板
[AC6005-authentication-profile-authen_802.1X]dot1x-access-profile 802.1X #应用dot1x模板

[AC6005-authentication-profile-authen_802.1X]authentication-scheme authen_scheme  #应用认证方案

[AC6005-authentication-profile-authen_802.1X]accounting-scheme account-scheme

[AC6005-authentication-profile-authen_802.1X]access-domain raduis_domain  #应用接入域

[AC6005-authentication-profile-authen_802.1X]quit

[AC6005]wlan


[AC6005-wlan-view]vap-profile name wlan_vap

[AC6005-wlan-vap-prof-wlan_vap]authentication-profile 802.1X
[AC6005-wlan-vap-prof-wlan_vap]



display ip pool interface vlanif2 used  查看dhcp使用多少地址

display station offline-record sta-mac 14cf-9208-9abf(终端MAC)#如果原因是The signal strength is too low表示终端信号低导致掉线
display aaa abnormal-offline-record all
display ap online-fail-record  all  #上线失败记录
display ap offline-record all #下线记录



标签
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!