beautypg.com

Sample tri-authentication configuration – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual

Page 1220

background image

AAA Introduction and Configuration

Software Reference for x310 Series Switches

44.10

AlliedWare Plus

TM

Operating System - Version 5.4.4C

C613-50046-01 REV A

Sample Tri-Authentication Configuration

See the below sample configuration script for a sample tri-authentication configuration
that configures 802.1X authentication, MAC authentication, and Web-authentication on
the same interface. Copy, paste, and edit the sample tri-authentication configuration for
your config file. See the

edit

command in the

Chapter 7, File Management Commands

for further information.

Output

The 802.1X authentication feature needs the

aaa authentication dot1x

command and

the

dot1x port-control

command configured on an interface. See

Chapter 45, AAA

Commands

and

Chapter 41, 802.1X Commands

for command information to edit this

configuration.

The MAC authentication feature needs the

aaa authentication auth-mac

and the

auth-

mac enable

commands configured on an interface. See

Chapter 45, AAA Commands

and

Chapter 43, Authentication Commands

for command information to edit this

configuration.

The Web-authentication feature needs the

aaa authentication auth-web

and the

auth-

web enable

commands configured on an interface. See

Chapter 45, AAA Commands

and

Chapter 43, Authentication Commands

for command information to edit this

configuration.

The local RADIUS Server has been configured to use tri-authentication in this sample
configuration. See the

radius-server local

and

server enable

commands in

Chapter 51,

Local RADIUS Server Commands

for command information to edit this sample

configuration.

This sample tri-authentication configuration requires a user name ‘guest’ with password
‘guest!’ on IP address 192.168.1.120 from port1.0.1. Note this sample also
configures 802.1X and MAC authentication on vlan1 with IP address 192.168.1.120.
Change the interface VLAN ID, MAC and IP address as needed for your configuration.

Figure 44-4: Sample Tri-Authentication Configuration

!
radius-server host 127.0.0.1 key awplus-local-radius-server
!
aaa authentication dot1x default group radius
aaa authentication auth-mac default group radius
aaa authentication auth-web default group radius
!
radius-server local
server enable
nas 127.0.0.1 key awplus-local-radius-server
user guest password guest!
user 00-d0-59-ab-70-37 password 00-d0-59-ab-70-37
!
no spanning-tree rstp enable
!
interface port1.0.1
switchport
switchport mode access
dot1x port-control auto
auth-mac enable
auth-web enable
!
interface vlan1
ip address 192.168.1.120/24
!

See also other documents in the category Allied Telesis Computer hardware: