Различия

Здесь показаны различия между двумя версиями данной страницы.

--- abills:docs:802.1x:ru [2009/01/20 12:30]
asmodeus
+++ abills:docs:802.1x:ru [2015/12/05 17:50] (текущий)
@@ Строка 182: / Строка 182: @@
 ==== D-link 30xx ====
 **DES-3018 Firmware: Build 3.00.034**\\
-[[http://www.dlink.ru/technical/faq_hub_switch_87.php|Guest VLAN]]
+[[http://www.dlink.ru/ru/faq/62/238.html|Guest VLAN]]
 Настройка с возможностью занесения пользователя в определённый VLAN
@@ Строка 216: / Строка 216: @@
 ^Type:               | Other |
 ^RADIUS Parameters (,) | Tunnel-Medium-Type=IEEE-802,\\ Tunnel-Private-Group-Id=20,\\ Tunnel-Type=VLAN |
+===Radius Parameters===
+После успешной авторизации RADIUS выдаёт следующие пары:\\
+Access-Accept - авторизация прошла успешно.
+  Sending Access-Accept of id 4 to 10.1.90.6 port 8021
+        EAP-Message = 0x03030004
+        Message-Authenticator = 0x00000000000000000000000000000000
+        User-Name = "test"
+        Session-Timeout = 1412650
+        Tunnel-Type:0 = VLAN
+        Tunnel-Medium-Type:0 = IEEE-802
+        Tunnel-Private-Group-Id:0 = "20"
+Акаунтинг Start от D-link
+  rad_recv: Accounting-Request packet from host 10.1.90.6:8022, id=5, length=103
+        Acct-Session-Id = "000000000001"
+        Acct-Status-Type = Start
+        Acct-Authentic = RADIUS
+        Acct-Delay-Time = 0
+        NAS-Port = 2
+        Calling-Station-Id = "00-13-77-34-5F-A8"
+        Service-Type = Framed-User
+        NAS-IP-Address = 10.1.90.6
+        NAS-Identifier = "D-Link"
+        User-Name = "test"
+  Sending Accounting-Response of id 5 to 10.1.90.6 port 8022
+==== Edge-Core ES3510 ====
+  Console(config)#radius-server key radsecret
+  Console(config)#radius-server 1 host 192.168.34.2
+  #Accounting
+  Console(config)#aaa group server radius tps-radius
+  Console(config)#server 1
+  Console(config)#aaa accounting dot1x tps start-stop group radius
+  Console(config)#aaa accounting update periodic 5
+  Console(config)#interface ethernet 1/2
+  Console(config-if)#accounting dot1x tps
+  #show 802.1x
+  Console#show dot1x
+  #enable 802.1x
+  Console(config)#dot1x system-auth-control
+  #Auth add port 1
+  Console(config)#interface ethernet 1/1
+  Console(config-if)#dot1x port-control auto
+  Console(config-if)#dot1x re-authentication
+  Console(config-if)#dot1x max-req 5
+  Console(config-if)#dot1x timeout quiet-period 30
+  Console(config-if)#dot1x timeout re-authperiod 1800
+  Console(config-if)#dot1x timeout tx-period 40
+  Console(config-if)#dot1x intrusion-action guest-vlan
+  Console(config-if)#exit
+  Console(config)#exit
+  Console#show dot1x
 =====Клиентская настройка=====
@@ Строка 229: / Строка 292: @@
 ====Links====
-[[http://www.ieee802.org/1/pages/802.1x.html]] - 802.1X - Port Based Network Access Control\\
+  * [[http://www.ieee802.org/1/pages/802.1x.html]] - 802.1X - Port Based Network Access Control
-[[http://www.ietf.org/rfc/rfc3579.txt|RFC3579]] - RADIUS (Remote Authentication Dial In User Service) Support For Extensible Authentication Protocol (EAP)\\
+  * [[http://www.ietf.org/rfc/rfc3579.txt|RFC3579]] - RADIUS (Remote Authentication Dial In User Service) Support For Extensible Authentication Protocol (EAP)
-[[http://www.ietf.org/rfc/rfc2284.txt|RFC2284]] - Extensible Authentication Protocol (EAP)
+  * [[http://www.ietf.org/rfc/rfc2284.txt|RFC2284]] - Extensible Authentication Protocol (EAP)
-[[http://ru.wikipedia.org/wiki/IEEE_802.1X]]
+  * [[http://ru.wikipedia.org/wiki/IEEE_802.1X]]
-[[http://www.citforum.ru/nets/articles/authentication/]]
+  * [[http://www.citforum.ru/nets/articles/authentication/]]
+  * [[http://xgu.ru/wiki/802.1X_RADIUS#.D0.9D.D0.B0.D1.81.D1.82.D1.80.D0.BE.D0.B9.D0.BA.D0.B0_.D0.BA.D0.BE.D0.BC.D0.BC.D1.83.D1.82.D0.B0.D1.82.D0.BE.D1.80.D0.B0_HP_ProCurve_.D0.B4.D0.BB.D1.8F_.D1.80.D0.B0.D0.B1.D0.BE.D1.82.D1.8B_.D0.B0.D1.83.D1.82.D0.B5.D0.BD.D1.82.D0.B8.D1.84.D0.B8.D0.BA.D0.B0.D1.82.D0.BE.D1.80.D0.BE.D0.BC|802.1X и RADIUS]]
 Hits: ~~STATS:entries~~