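AAA stands for:
Authentication: verifying the user's identity and the network services available to that user;
Authorization: opening network services to the user based on the authentication result;
AAA: Authentication, Authorization, and Accounting, a system developed by Cisco that provides network security. See authentication, authorization and accounting.
Lab objective: obtain addresses dynamically via DHCP, and require AAA authentication for telnet access to the switch
Lab topology:
Lab equipment: Huawei S2000 switch, H3C firewall
Lab procedure:
Server-side configuration:
Switch configuration:
dis cu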
#
sysname SW1
#
dot1x
dot1x authentication-method pap
#
radius scheme system
radius scheme xxx
 server-type standard
 primary authentication 192.168.30.1
 accounting optional
 key authentication 123456
 user-name-format without-domain
#
domain system
domain test
 scheme radius-scheme xxx
 access-limit enable 10
 accounting optional
#
vlan 1
#
vlan 10
#
vlan 20
#
vlan 30
#
interface Vlan-interface1
 ip address 192.168.1.24 255.255.255.0
#
interface Ethernet1/0/10
 port access vlan 10
 dot1x
#
interface Ethernet1/0/20
 port access vlan 20
 dot1x
#
interface Ethernet1/0/23
 port access vlan 30
#
interface Ethernet1/0/24
 port link-type trunk
 port trunk permit vlan all
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 192.168.1.1 preference 60
#
user-interface aux 0
user-interface vty 0 4
 authentication-mode scheme
#
return
Firewall configuration:
dis cu
#
sysname R1
#
firewall packet-filter enable
firewall packet-filter default permit
#
undo insulate
#
firewall statistic system enable
#
radius scheme system
 server-type extended
#
domain system
#
interface Aux0
 async mode flow
#
interface Ethernet0/0
 ip address 192.168.1.1 255.255.255.0
 dhcp select relay
#
interface Ethernet0/0.1
 ip address 192.168.10.254 255.255.255.0
 ip relay address 192.168.30.1
 dhcp select relay
 vlan-type dot1q vid 10
#
interface Ethernet0/0.2
 ip address 192.168.20.254 255.255.255.0
 ip relay address 192.168.30.1
 dhcp select relay
 vlan-type dot1q vid 20
#
interface Ethernet0/0.3
 ip address 192.168.30.254 255.255.255.0
 dhcp select relay
 vlan-type dot1q vid 30
#
interface Ethernet0/4
 dhcp select relay
#
interface Encrypt1/0
#
interface NULL0
#
firewall zone local
 set priority 100
#
firewall zone trust
 add interface Ethernet0/0
 add interface Ethernet0/0.1
 add interface Ethernet0/0.2
 add interface Ethernet0/0.3
 set priority 85
#
firewall zone untrust
 set priority 5
#
firewall zone DMZ
 set priority 50
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
#
return
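The two configurations above contain settings that should be reviewed before being reused outside a lab: PAP for 802.1X, a six-digit RADIUS key, optional accounting, and a default-permit packet filter. The following Python script is an added example, not part of the original post, that flags those lines in a Comware-style config; the finding names, the 16-character key threshold, and the embedded sample are assumptions constructed for illustration.

```python
import re

# Constructed sample: security-relevant lines taken from the two configs above.
SAMPLE = """\
#
dot1x authentication-method pap
#
radius scheme xxx
 primary authentication 192.168.30.1
 accounting optional
 key authentication 123456
#
domain test
 scheme radius-scheme xxx
 accounting optional
#
firewall packet-filter default permit
"""

HEADER = re.compile(r"^(radius scheme|domain|interface|user-interface|firewall zone|vlan) ")
MIN_KEY_LEN = 16  # assumed policy threshold, not a vendor limit
EXACT = {  # hypothetical finding ids for lines that are weak exactly as written
    "dot1x authentication-method pap": "DOT1X-PAP",             # password relayed via PAP
    "firewall packet-filter default permit": "FW-DEFAULT-PERMIT",  # unmatched traffic passes
    "accounting optional": "ACCT-OPTIONAL",                     # users stay online if accounting fails
}

def check_line(line):
    """Return a finding id for one stripped config line, or None."""
    m = re.match(r"key authentication (\S+)$", line)
    if m and (len(m.group(1)) < MIN_KEY_LEN or m.group(1).isdigit()):
        return "WEAK-RADIUS-KEY"  # short or digits-only shared secret
    return EXACT.get(line)

def audit(config):
    """Return [(lineno, section, finding_id)]; works with or without indentation."""
    findings, section = [], "global"
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if line == "#":            # '#' closes the current view
            section = "global"
        elif HEADER.match(line):   # a line that opens a configuration view
            section = line
        if fid := check_line(line):
            findings.append((no, section, fid))
    return findings

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```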
Lab verification:
Publisher: 全栈程序员-用户IM. Please credit the source when reposting: https://javaforall.cn/133986.html Original link: https://javaforall.cn