ZXR108900SeriesUserManual(BasicConîš¿gurationVolume)
thenticationchannelforeachuserandotheruserscannotusethe
logicalchannelaftertheportisenabled.
Authentication
ServerSystem
AuthenticationserverisusuallyaRADIUSserver .Inauthentication
serveruser-relatedinformationisstoredsuchastheVLANwhere
theuserlocates,CARparameter ,priorityandaccesscontrollist
oftheuser .Oncetheuserpassesauthentication,theauthentica-
tionserverdeliversuser-relatedinformationtotheauthentication
systemwhichcreatesadynamicaccesscontrollist.Theabove
parametersareusedtomeasuresubsequenttrafîš¿coftheuser .
AuthenticationserverandRADIUSservercommunicatewitheach
otherthroughtheRADIUSprotocol.
ConfiguringDOT1x
ConfiguringAAA
Toconîš¿gureAAA,performthefollowingsteps.
Step
CommandFunction
1
ZXR10(config)#nas
Thisentersnasconîš¿guration
mode
2
ZXR10(config-nas)#createaaa<rule-id>[port
<port-name>][vlan<vlan-id>]
ThiscreatesAAAcontrolentry
3
ZXR10(config-nas)#aaa<rule-id>control
{dot1x|dot1x-relay}{enable|disable}
Thisenables/disablesdot1x
authenticationorrelay
4
ZXR10(config-nas)#aaa<rule-id>authentication
{auto|locl|radius}
Thisselectsanauthentication
mode
5
ZXR10(config-nas)#aaa<rule-id>protocol
{pap|chap|eap}
Thisselectsanauthentication
protocol
6
ZXR10(config-nas)#aaa<rule-id>keepalive{enable
[period<period-value>]|disable}
Thisconîš¿gureskeepalive
interval
7
ZXR10(config-nas)#aaa<rule-id>accounting
{enable|disable}
Thisconîš¿gurestochargeor
not
8
ZXR10(config-nas)#aaa<rule-id>multiple-hosts
{enable[max-hosts<host-number>]|disable}
Thisconîš¿gureswhether
multipleusersareallowedor
notandconîš¿guresuserquota
9
ZXR10(config-nas)#aaa<rule-id>default-isp
<isp-name>
Thisconîš¿guresthedefault
ISPservername
10
ZXR10(config-nas)#aaa<rule-id>fullaccount
{enable|disable}
Thisconîš¿gureswhetherto
containISPdomainnamein
username
11
ZXR10(config-nas)#aaa<rule-id>groupname
<group-name>
Thisconîš¿guresagroupname
114Conîš¿dentialandProprietaryInformationofZTECORPORATION
To Next Page
Loading...
Need help?
General