HP 6125G HP 6125G & 6125G/XG Blade Switches Security Configuration Gui - Page 106
802.1X with ACL assignment configuration example

Network requirements

As shown in Figure 35, the host at 192.168.1.10 connects to port GigabitEthernet 1/0/1 of the network access device. Perform 802.1X authentication on the port. Use the RADIUS server at 10.1.1.1 as the authentication and authorization server and the RADIUS server at 10.1.1.2 as the accounting server. Assign an ACL to GigabitEthernet 1/0/1 to deny the access of 802.1X users to the FTP server at 10.0.0.1/24 on weekdays during business hours from 8:00 to 18:00.

Figure 35 Network diagram
(Figure labels: RADIUS server cluster, Auth: 10.1.1.1, Acct: 10.1.1.2; Device ports GE1/0/1, GE1/0/2, GE1/0/3; Vlan-int2 192.168.1.1/24; Host 192.168.1.10/24; Internet; FTP server 10.0.0.1/24)

Configuration procedure

The following configuration procedure provides the major AAA and RADIUS configuration on the access device. The configuration procedures on the 802.1X client and RADIUS server are beyond the scope of this configuration example. For information about AAA and RADIUS configuration commands, see Security Command Reference.

1. Configure 802.1X client. Make sure the client is able to update its IP address after the access port is assigned to the 802.1X guest VLAN or a server-assigned VLAN. (Details not shown.)

2. Configure the RADIUS servers, user accounts, and authorization ACL, ACL 3000 in this example. (Details not shown.)

3. Configure the access device:

# Assign IP addresses to interfaces. (Details not shown.)

# Configure the RADIUS scheme.

    <Device> system-view
    [Device] radius scheme 2000
    [Device-radius-2000] primary authentication 10.1.1.1 1812
    [Device-radius-2000] primary accounting 10.1.1.2 1813
    [Device-radius-2000] key authentication abc
    [Device-radius-2000] key accounting abc
    [Device-radius-2000] user-name-format without-domain
    [Device-radius-2000] quit
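The RADIUS scheme above uses the sample shared key abc for both servers. The following audit script is an added example, not part of the HP manual: it parses only the command forms shown on this page and flags shared keys that fall below a policy. The function names, finding labels and the 16-character threshold (the length RFC 2865 prefers) are assumptions of this example.

```python
import re

# Constructed sample: the RADIUS scheme commands shown on this page.
SAMPLE_CONFIG = """\
[Device] radius scheme 2000
[Device-radius-2000] primary authentication 10.1.1.1 1812
[Device-radius-2000] primary accounting 10.1.1.2 1813
[Device-radius-2000] key authentication abc
[Device-radius-2000] key accounting abc
[Device-radius-2000] user-name-format without-domain
[Device-radius-2000] quit
"""

MIN_SECRET_LEN = 16  # assumption: policy threshold, taken from the RFC 2865 preference

def parse_radius_schemes(config):
    """Return {scheme: {"servers": {role: ip}, "keys": {role: secret}}}."""
    schemes, current = {}, None
    for raw in config.splitlines():
        # Drop a leading "[Device-...]" prompt if the text was copied from a session.
        line = re.sub(r"^\s*\[[^\]]*\]\s*", "", raw).strip()
        if m := re.fullmatch(r"radius scheme (\S+)", line):
            current = schemes.setdefault(m.group(1), {"servers": {}, "keys": {}})
        elif current is None:
            continue
        elif m := re.fullmatch(r"primary (authentication|accounting) (\S+)(?: \d+)?", line):
            current["servers"][m.group(1)] = m.group(2)
        elif m := re.fullmatch(r"key (authentication|accounting) (\S+)", line):
            current["keys"][m.group(1)] = m.group(2)
        elif line == "quit":
            current = None
    return schemes

def audit(schemes):
    """Return sorted (scheme, role, issue) findings for weak or reused shared keys."""
    findings = []
    for name, s in schemes.items():
        for role, secret in s["keys"].items():
            if len(secret) < MIN_SECRET_LEN:
                findings.append((name, role, "short-secret"))
            if secret.isalpha() or secret.isdigit():
                findings.append((name, role, "single-character-class"))
        # One key shared by servers on different hosts: losing one exposes the other.
        hosts = set(s["servers"].values())
        if len(hosts) > 1 and len(s["keys"]) > 1 and len(set(s["keys"].values())) == 1:
            findings.append((name, "all", "secret-reused-across-servers"))
    return sorted(findings)

if __name__ == "__main__":
    for finding in audit(parse_radius_schemes(SAMPLE_CONFIG)):
        print(*finding)
```

Run against the page's sample scheme, it reports both keys as short and letters-only, and the same key reused across the authentication and accounting servers.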