Tearing down user connections forcibly, Configuring local eap authentication, Local eap authentication – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Tearing down user connections forcibly
Step 1. Enter system view.
  Command: system-view
  Remarks: N/A
Step 2. Tear down AAA user connections forcibly.
  Command: cut connection { access-type { dot1x | mac-authentication | portal } | all | domain isp-name | interface interface-type interface-number | ip ip-address | mac mac-address | ucibindex ucib-index | user-name user-name | vlan vlan-id }
  Remarks: Applicable to only LAN, portal and PPP user connections.
Configuring local EAP authentication
Local EAP authentication
Local EAP authentication can be used in some simple application environments to authenticate 802.1X
users. In addition, it can help implement the RADIUS offload feature, which enables the access device to
terminate EAP packets when the remote RADIUS server does not support EAP authentication. For more
information about RADIUS offload, see "Enabling the RADIUS offload feature."
Local EAP authentication is performed by the local EAP authentication server based on either the local
user database (the default) or an LDAP database. The local user database maintains all user accounts
configured on the access device, but an LDAP database maintains user accounts configured on the LDAP
server. Using the local user database is cost effective but the maximum number of users is limited by the
device's hardware. If an LDAP server is available, using an LDAP database is a good practice. It allows
you to implement centralized user information management in scenarios with multiple access devices.
Configuring local EAP authentication
To implement local EAP authentication, complete these tasks:
1. Configure the local EAP authentication server. See "Configuring the local EAP authentication server."
2. Configure the device to use local authentication for LAN users. Whether to configure authorization and accounting is up to you. See "Configuring AAA authentication methods for an ISP domain."
3. Configure local users on the device, or add users on an LDAP server and configure an LDAP scheme on the device. See "," or the user manuals of the LDAP server.
4. Configure 802.1X on the device.
Configuring the local EAP authentication server
To configure the local EAP authentication server, complete the following tasks:
1. Configure an EAP profile
An EAP profile is a collection of local EAP authentication settings, including the authentication method
and user database to be used and, for some authentication methods, the SSL server policy to be
referenced. The following EAP authentication methods are supported:
• MD5 challenge
• Protected Extensible Authentication Protocol-Microsoft Generic Token Card (PEAP-GTC)
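To show what a local EAP server does with the MD5 challenge method and a local user database, here is an added example that is not from the H3C manual or H3C code. It follows the generic MD5-Challenge exchange of RFC 3748 and RFC 1994; `LOCAL_USERS`, the function names, and the sample credentials are constructed for illustration.

```python
import hashlib, hmac, os, struct

# Constructed local user database (user name -> cleartext password).
# MD5-Challenge requires the server to hold the cleartext secret.
LOCAL_USERS = {"alice": b"correct horse"}

EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
EAP_TYPE_MD5 = 4

def build_md5_request(identifier, challenge):
    """EAP-Request/MD5-Challenge: Code, Id, Length, Type, Value-Size, Value."""
    data = bytes([EAP_TYPE_MD5, len(challenge)]) + challenge
    return struct.pack("!BBH", EAP_REQUEST, identifier, 4 + len(data)) + data

def md5_response_value(identifier, password, challenge):
    """RFC 1994 hash: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()

def build_md5_response(identifier, password, challenge):
    """What the 802.1X supplicant sends back for a given challenge."""
    value = md5_response_value(identifier, password, challenge)
    data = bytes([EAP_TYPE_MD5, len(value)]) + value
    return struct.pack("!BBH", EAP_RESPONSE, identifier, 4 + len(data)) + data

def verify_md5_response(packet, user, identifier, challenge, users=LOCAL_USERS):
    """Server side: return EAP_SUCCESS or EAP_FAILURE for a received response."""
    if len(packet) < 22:  # header (4) + type (1) + size (1) + MD5 value (16)
        return EAP_FAILURE
    code, pkt_id, length = struct.unpack("!BBH", packet[:4])
    if code != EAP_RESPONSE or pkt_id != identifier or length != len(packet):
        return EAP_FAILURE
    if packet[4] != EAP_TYPE_MD5 or packet[5] != 16:
        return EAP_FAILURE
    # Unknown users are hashed against a random secret to keep timing uniform.
    password = users.get(user, os.urandom(16))
    expected = md5_response_value(identifier, password, challenge)
    ok = hmac.compare_digest(packet[6:22], expected) and user in users
    return EAP_SUCCESS if ok else EAP_FAILURE

def demo():
    identifier, challenge = 7, os.urandom(16)  # fresh challenge per attempt
    good = build_md5_response(identifier, b"correct horse", challenge)
    bad = build_md5_response(identifier, b"wrong", challenge)
    return (verify_md5_response(good, "alice", identifier, challenge),
            verify_md5_response(bad, "alice", identifier, challenge))

if __name__ == "__main__":
    print(demo())
```

Per RFC 3748, MD5-Challenge authenticates only the client and derives no keys, which is why the tunneled methods reference an SSL server policy.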