Различия
Здесь показаны различия между двумя версиями данной страницы.
| Предыдущая версия справа и слева Предыдущая версия Следующая версия | Предыдущая версия | ||
|
abills:docs:802.1x:ru [2009/02/04 16:57] asmodeus |
abills:docs:802.1x:ru [2015/12/05 17:50] (текущий) |
||
|---|---|---|---|
| Строка 216: | Строка 216: | ||
| ^Type: | Other | | ^Type: | Other | | ||
| ^RADIUS Parameters (,) | Tunnel-Medium-Type=IEEE-802,\\ Tunnel-Private-Group-Id=20,\\ Tunnel-Type=VLAN | | ^RADIUS Parameters (,) | Tunnel-Medium-Type=IEEE-802,\\ Tunnel-Private-Group-Id=20,\\ Tunnel-Type=VLAN | | ||
| + | |||
| + | ===Radius Parameters=== | ||
| + | |||
| + | После успешной авторизации RADIUS выдаёт следующие пары:\\ | ||
| + | |||
| + | Access-Accept - авторизация прошла успешно. | ||
| + | Sending Access-Accept of id 4 to 10.1.90.6 port 8021 | ||
| + | EAP-Message = 0x03030004 | ||
| + | Message-Authenticator = 0x00000000000000000000000000000000 | ||
| + | User-Name = "test" | ||
| + | Session-Timeout = 1412650 | ||
| + | Tunnel-Type:0 = VLAN | ||
| + | Tunnel-Medium-Type:0 = IEEE-802 | ||
| + | Tunnel-Private-Group-Id:0 = "20" | ||
| + | |||
| + | Акаунтинг Start от D-link | ||
| + | |||
| + | rad_recv: Accounting-Request packet from host 10.1.90.6:8022, id=5, length=103 | ||
| + | Acct-Session-Id = "000000000001" | ||
| + | Acct-Status-Type = Start | ||
| + | Acct-Authentic = RADIUS | ||
| + | Acct-Delay-Time = 0 | ||
| + | NAS-Port = 2 | ||
| + | Calling-Station-Id = "00-13-77-34-5F-A8" | ||
| + | Service-Type = Framed-User | ||
| + | NAS-IP-Address = 10.1.90.6 | ||
| + | NAS-Identifier = "D-Link" | ||
| + | User-Name = "test" | ||
| + | Sending Accounting-Response of id 5 to 10.1.90.6 port 8022 | ||
| + | |||
| + | |||
| + | |||
| + | ==== Edge-Core ES3510 ==== | ||
| + | |||
| + | Console(config)#radius-server key radsecret | ||
| + | Console(config)#radius-server 1 host 192.168.34.2 | ||
| + | | ||
| + | #Accounting | ||
| + | Console(config)#aaa group server radius tps-radius | ||
| + | Console(config)#server 1 | ||
| + | Console(config)#aaa accounting dot1x tps start-stop group radius | ||
| + | Console(config)#aaa accounting update periodic 5 | ||
| + | Console(config)#interface ethernet 1/2 | ||
| + | Console(config-if)#accounting dot1x tps | ||
| + | | ||
| + | #show 802.1x | ||
| + | Console#show dot1x | ||
| + | | ||
| + | #enable 802.1x | ||
| + | Console(config)#dot1x system-auth-control | ||
| + | | ||
| + | #Auth add port 1 | ||
| + | Console(config)#interface ethernet 1/1 | ||
| + | Console(config-if)#dot1x port-control auto | ||
| + | Console(config-if)#dot1x re-authentication | ||
| + | Console(config-if)#dot1x max-req 5 | ||
| + | Console(config-if)#dot1x timeout quiet-period 30 | ||
| + | Console(config-if)#dot1x timeout re-authperiod 1800 | ||
| + | Console(config-if)#dot1x timeout tx-period 40 | ||
| + | Console(config-if)#dot1x intrusion-action guest-vlan | ||
| + | Console(config-if)#exit | ||
| + | Console(config)#exit | ||
| + | Console#show dot1x | ||
| =====Клиентская настройка===== | =====Клиентская настройка===== | ||