ZXR105900/5200SeriesUserManual(BasicConîš¿gurationVolume)
alogicalauthenticationchannelforeachuserandotherusers
cannotusethelogicalchannelaftertheportisenabled.
3.AuthenticationserverisusuallyaRADIUSserver .Inauthen-
ticationserveruser-relatedinformationisstoredsuchasthe
VLANwheretheuserlocates,CARparameter ,priorityandac-
cesscontrollistoftheuser .Oncetheuserpassesauthen-
tication,theauthenticationserverdeliversuser-relatedinfor-
mationtotheauthenticationsystemwhichcreatesadynamic
accesscontrollist.Theaboveparametersareusedtomea-
suresubsequenttrafîš¿coftheuser .Authenticationserverand
RADIUSservercommunicatewitheachotherthroughtheRA-
DIUSprotocol.
ConfiguringDOT1X
ConfiguringAAA
1.TocreateanAAAcontrolentry,usethefollowingcommand.
CommandFunction
ZXR10(config-nas)#createaaa<rule-id>[port
<port-name>][vlan<vlan-id>]
ThiscreatesanAAAcontrol
entry.
2.ToclearanAAAcontrolentry,usethefollowingcommand.
CommandFunction
ZXR10(config-nas)#clearaaa<rule-id>ThisclearsanAAAcontrolentry.
3.Toenable/disabledot1xauthenticationortrunk,usethefol-
lowingcommand.
CommandFunction
ZXR10(config-nas)#aaa<rule-id>control{dot1x|dot1x
-relay}{enable|disable}
Thisenables/disablesdot1x
authenticationortrunk.
4.Toselectanauthenticationmode,usethefollowingcommand.
CommandFunction
ZXR10(config-nas)#aaa<rule-id>authentication
{local|radius}
Thisselectsanauthentication
mode.
5.Toselectanauthenticationprotocol,usethefollowingcom-
mand.
130Conîš¿dentialandProprietaryInformationofZTECORPORATION
To Next Page
Loading...
Need help?
General