Tearing down user connections forcibly, Configuring local EAP authentication, Local EAP authentication – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Tearing down user connections forcibly

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Tear down AAA user connections forcibly.
    Command: cut connection { access-type { dot1x | mac-authentication | portal } | all | domain isp-name | interface interface-type interface-number | ip ip-address | mac mac-address | ucibindex ucib-index | user-name user-name | vlan vlan-id }
    Remarks: Applicable to only LAN, portal and PPP user connections.
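
As an added example (not part of the H3C manual), the following Python check validates candidate cut connection lines against the syntax above before an automation or containment script sends them to a device: exactly one selector from the braces, with "all" refused unless explicitly allowed. The argument formats (IPv4 address, MAC written H-H-H, VLAN ID 1-4094, numeric ucib-index) and the function name validate_cut_connection are assumptions, not taken from this page.

```python
import ipaddress
import re

ACCESS_TYPES = {"dot1x", "mac-authentication", "portal"}  # from the syntax above
MAC_RE = re.compile(r"[0-9A-Fa-f]{1,4}(-[0-9A-Fa-f]{1,4}){2}")  # assumed H-H-H

def _num(tok, lo=0, hi=float("inf")):
    return re.fullmatch(r"[0-9]+", tok) is not None and lo <= int(tok) <= hi

def _ipv4(tok):
    try:
        ipaddress.IPv4Address(tok)
        return True
    except ValueError:
        return False

# One entry per selector keyword in the documented syntax: (argument count, check).
# Argument formats are assumptions (IPv4, H-H-H MAC, VLAN 1-4094, numeric index).
SELECTORS = {
    "access-type": (1, lambda a: a[0] in ACCESS_TYPES),
    "all":         (0, lambda a: True),
    "domain":      (1, lambda a: True),
    "interface":   (2, lambda a: True),  # interface-type interface-number
    "ip":          (1, lambda a: _ipv4(a[0])),
    "mac":         (1, lambda a: MAC_RE.fullmatch(a[0]) is not None),
    "ucibindex":   (1, lambda a: _num(a[0])),
    "user-name":   (1, lambda a: True),
    "vlan":        (1, lambda a: _num(a[0], 1, 4094)),
}

def validate_cut_connection(command, allow_all=False):
    """Return (ok, reason) for one candidate 'cut connection' line."""
    tokens = command.split()
    if len(tokens) < 3 or tokens[:2] != ["cut", "connection"]:
        return False, "not a cut connection command with a selector"
    keyword, args = tokens[2], tokens[3:]
    if keyword not in SELECTORS:
        return False, f"unknown selector {keyword!r}"
    if keyword == "all" and not allow_all:
        return False, "'all' tears down every connection; pass allow_all=True"
    argc, check = SELECTORS[keyword]
    if len(args) != argc:
        return False, f"{keyword!r} takes {argc} argument(s), got {len(args)}"
    if not check(args):
        return False, f"malformed argument for {keyword!r}"
    return True, "ok"

# Constructed sample lines, as a containment script might emit them.
SAMPLES = ["cut connection user-name alice", "cut connection vlan 4095", "cut connection ip 10.1.1.5 vlan 10", "cut connection all"]
RESULTS = {line: validate_cut_connection(line)[0] for line in SAMPLES}
```
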

Configuring local EAP authentication

Local EAP authentication

Local EAP authentication can be used in some simple application environments to authenticate 802.1X users. In addition, it can help implement the RADIUS offload feature, which enables the access device to terminate EAP packets when the remote RADIUS server does not support EAP authentication. For more information about RADIUS offload, see "Enabling the RADIUS offload feature."

Local EAP authentication is performed by the local EAP authentication server based on either the local user database (the default) or an LDAP database. The local user database maintains all user accounts configured on the access device, but an LDAP database maintains user accounts configured on the LDAP server. Using the local user database is cost effective but the maximum number of users is limited by the device's hardware. If an LDAP server is available, using an LDAP database is a good practice. It allows you to implement centralized user information management in scenarios with multiple access devices.

Configuring local EAP authentication

To implement local EAP authentication, complete these tasks:

1. Configure the local EAP authentication server. See "Configuring the local EAP authentication server."

2. Configure the device to use local authentication for LAN users. Whether to configure authorization and accounting is up to you. See "Configuring AAA authentication methods for an ISP domain."

3. Configure local users on the device, or add users on an LDAP server and configure an LDAP scheme on the device. See "Configuring local users," "Configuring LDAP schemes," or the user manuals of the LDAP server.

4. Configure 802.1X on the device.

Configuring the local EAP authentication server

To configure the local EAP authentication server, complete the following tasks:

1. Configure an EAP profile

An EAP profile is a collection of local EAP authentication settings, including the authentication method and user database to be used and, for some authentication methods, the SSL server policy to be referenced. The following EAP authentication methods are supported:

MD5 challenge

Protected Extensible Authentication Protocol-Microsoft Generic Token Card (PEAP-GTC)