Configuring 802.1x Remote Authentication

Topology

Specification

Applicable to all versions and forms of AR routers.

Network Requirements

The PC accesses the network through the Router. To ensure network security, users must pass 802.1x authentication before they can access the network. Two RADIUS servers provide authentication: the server with IP address 10.10.10.1/24 is the primary authentication server, and the server with IP address 10.10.10.2/24 is the backup authentication server. When the primary server is unavailable, the Router can switch to the backup server in as little as 3 seconds.

Procedure

1. Configuration on the Router

  V200R007 and earlier versions:

    #
    vlan batch 10
    #
    dot1x enable
    #
    radius-server template shiva //Configure RADIUS server template shiva
     radius-server shared-key cipher %^%#Q75cNQ6IF(e#L4WMxP~%^7'u17,]D87GO{"[o]`D%^%#
     radius-server authentication 10.10.10.1 1812 //Configure the primary RADIUS authentication server
     radius-server authentication 10.10.10.2 1812 secondary //Configure the secondary RADIUS authentication server
    #
    aaa
     authentication-scheme scheme0 //Create an authentication scheme named scheme0
      authentication-mode radius
     domain huawei //Configure the domain named huawei
      authentication-scheme scheme0
      radius-server shiva
    #
    interface Vlanif10
     ip address 192.168.1.2 255.255.255.0
    #
    interface Ethernet2/0/0
     port link-type access
     port default vlan 10
     dot1x enable
    #

  V200R008 and later versions:

    #
    vlan batch 10
    #
    authentication-profile name p1
     dot1x-access-profile d1 //Bind 802.1x access profile d1 to authentication profile p1
    #
    radius-server template shiva //Configure RADIUS server template shiva
     radius-server shared-key cipher %^%#Q75cNQ6IF(e#L4WMxP~%^7'u17,]D87GO{"[o]`D%^%#
     radius-server authentication 10.10.10.1 1812 //Configure the primary RADIUS authentication server
     radius-server authentication 10.10.10.2 1812 secondary //Configure the secondary RADIUS authentication server
    #
    aaa
     authentication-scheme scheme0 //Create an authentication scheme named scheme0
      authentication-mode radius
     domain huawei //Configure the domain named huawei
      authentication-scheme scheme0
      radius-server shiva
    #
    interface Vlanif10
     ip address 192.168.1.2 255.255.255.0
    #
    interface Ethernet2/0/0
     port link-type access
     port default vlan 10
     authentication-profile p1 //Bind authentication profile p1 to the interface
    #
    dot1x-access-profile name d1

2. Verifying the configuration

On the RADIUS server, add the user user1@huawei with the password Huawei@2012, and set the shared key to radius, the same value that is configured on the router. After the client authenticates successfully, run the display access-user command and check that the Username field shows user1@huawei and the corresponding Status field shows Success.

Configuration Notes

  • The authentication port configured on the router must match the port used by the RADIUS server.
  • The shared key configured on the router must match the shared key on the RADIUS server.
  • A reachable route must exist between the router and the RADIUS server.
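
The router-side items of the procedure and notes above can be checked offline against a saved configuration. The following Python check is an added example, not code from this page or from Huawei: audit and SAMPLE are hypothetical names, the sample is constructed from the V200R008 listing with a placeholder key, and the parsing assumes the "#"-separated block layout shown above.

```python
import re

SAMPLE = """authentication-profile name p1
 dot1x-access-profile d1
#
radius-server template shiva
 radius-server shared-key cipher PLACEHOLDER
 radius-server authentication 10.10.10.1 1812
 radius-server authentication 10.10.10.2 1812 secondary
#
aaa
 authentication-scheme scheme0
  authentication-mode radius
 domain huawei
  authentication-scheme scheme0
  radius-server shiva
#
interface Ethernet2/0/0
 port link-type access
 authentication-profile p1
#
dot1x-access-profile name d1
"""  # constructed sample: this page's V200R008 configuration, placeholder key

def audit(config, server_port=1812):
    """Return a list of findings; empty means the router-side settings are all present."""
    blocks = [[t for s in b.splitlines() if (t := s.split("//")[0].strip())]
              for b in re.split(r"^#[ \t]*$", config, flags=re.M)]
    flat = [s for b in blocks for s in b]
    by_head = {b[0]: b[1:] for b in blocks if b}  # block header line -> lines under it
    srv = [s.split()[2:] for s in flat if s.startswith("radius-server authentication ")]
    tmpl = [s.split()[2] for s in flat if s.startswith("radius-server template ")]
    checks = [(any(len(s) == 2 for s in srv), "no primary RADIUS authentication server"),
        (any(s[2:] == ["secondary"] for s in srv), "no secondary RADIUS authentication server"),
        (all(int(s[1]) == server_port for s in srv), f"authentication port is not {server_port}"),
        (any(s.startswith("radius-server shared-key ") for s in flat), "no RADIUS shared key"),
        (any(f"radius-server {t}" in flat for t in tmpl), "no domain uses the RADIUS template"),
        ("authentication-mode radius" in flat, "no authentication scheme uses RADIUS")]
    out = [msg for ok, msg in checks if not ok]
    for head, body in by_head.items():
        # 802.1x is enforced directly (older syntax) or through a profile chain (newer syntax).
        profs = [s.split()[1] for s in body if s.startswith("authentication-profile ")]
        d1x = [d.split()[1] for p in profs
               for d in by_head.get("authentication-profile name " + p, [])
               if d.startswith("dot1x-access-profile ")]
        bound = "dot1x enable" in body or any("dot1x-access-profile name " + d in by_head for d in d1x)
        if head.startswith("interface ") and "port link-type access" in body and not bound:
            out.append(head + ": access port without 802.1x")
    return out
```

Pass the port the RADIUS server actually listens on as server_port; whether the shared key matches and whether a route exists still has to be confirmed against the server itself.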
