beautypg.com

H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 7

background image

i

Contents

Configuring AAA ························································································································································· 1

 

AAA overview ··································································································································································· 1

 

RADIUS ······································································································································································ 2

 

HWTACACS ····························································································································································· 7

 

LDAP ·········································································································································································· 9

 

Domain-based user management ························································································································ 11

 

Protocols and standards ······································································································································· 12

 

RADIUS attributes ·················································································································································· 12

 

AAA configuration considerations and task list ·········································································································· 15

 

Configuring AAA schemes ············································································································································ 17

 

Configuring local users ········································································································································· 17

 

Configuring RADIUS schemes ······························································································································ 22

 

Configuring HWTACACS schemes ····················································································································· 36

 

Configuring LDAP schemes ·································································································································· 42

 

Configuring AAA methods for ISP domains ················································································································ 47

 

Configuration prerequisites ·································································································································· 47

 

Creating an ISP domain ······································································································································· 47

 

Configuring ISP domain attributes ······················································································································· 48

 

Configuring AAA authentication methods for an ISP domain ·········································································· 49

 

Configuring AAA authorization methods for an ISP domain ··········································································· 51

 

Configuring AAA accounting methods for an ISP domain ··············································································· 53

 

Tearing down user connections forcibly ······················································································································ 55

 

Configuring local EAP authentication ·························································································································· 55

 

Configuring a NAS ID-VLAN binding ·························································································································· 56

 

Specifying the device ID used in stateful failover mode ···························································································· 57

 

Displaying and maintaining AAA ································································································································ 57

 

AAA configuration examples ········································································································································ 58

 

HWTACACS authentication and authorization for Telnet users ······································································ 58

 

Local authentication and HWTACACS authorization for Telnet users ···························································· 59

 

RADIUS authentication, authorization, and accounting for wireless users ····················································· 61

 

Authentication for Telnet users by an LDAP server ····························································································· 63

 

AAA for portal users by a RADIUS server ·········································································································· 66

 

AAA for 802.1X users by a RADIUS server ······································································································· 80

 

Local EAP authentication and authorization for 802.1X users ········································································· 89

 

RADIUS offload for 802.1X users ························································································································ 91

 

Level switching authentication for Telnet users by an HWTACACS server ····················································· 93

 

Local EAP authentication for 802.1X users by an LDAP server ········································································ 96

 

Control of Temporary Access of Wireless Users ································································································ 98

 

Troubleshooting AAA ·················································································································································· 101

 

Troubleshooting RADIUS ····································································································································· 101

 

Troubleshooting HWTACACS ···························································································································· 102

 

Troubleshooting LDAP ········································································································································· 102

 

802.1X overview ···················································································································································· 104

 

802.1X architecture ····················································································································································· 104

 

Controlled/uncontrolled port and port authorization status ···················································································· 104

 

802.1X-related protocols ············································································································································ 105

 

Packet formats ······················································································································································ 105

 

EAP over RADIUS ················································································································································ 107