ZXR108900SeriesUserManual(BasicConîš¿gurationVolume)
previoussending,andpacketscanberesentforîš¿vetimesat
most.Directthesystemtoremovetheuserdomainnamefrom
theusernameandbeforesendingittotheRADIUSserver .
Conîš¿gurationontheswitch:
ZXR10(config)#radiusauthentication-group1
ZXR10(config-authgrp-1)#server110.1.1.1masterkeyaaazte
port1812
ZXR10(config-authgrp-1)#server210.1.1.2keyaaazteport1812
ZXR10(config-authgrp-1)#max-retries5
ZXR10(config-authgrp-1)#timeout5
ZXR10(config-authgrp-1)#exit
ZXR10(config)#radiusaccounting-group1
ZXR10(config-acctgrp-1)#server110.1.1.2masterkeyaaazte
port1813
ZXR10(config-acctgrp-1)#server210.1.1.1keyaaazteport1813
ZXR10(config)#nas
ZXR10(config-nas)#createaaa1portfei_1/1
ZXR10(config-nas)#aaa1controldot1xenable
ZXR10(config-nas)#aaa1authorizationauto
ZXR10(config-nas)#aaa1accountingenable
ZXR10(config-nas)#aaa1multiple-hostsenable
ZXR10(config-nas)#aaa1default-ispzte163.net
ZXR10(config-nas)#aaa1fullaccountdisable
ZXR10(config-nas)#aaa1radius-serverauthentication1
ZXR10(config-nas)#aaa1radius-serveraccounting1
Dot1xRelayAuthentication
Application
IntranettopologyofanenterpriseisshowninFigure31.
FIGURE31DOT1XRELAYAUTHENTICATIONAPPLICATION
Thecriterionisthatonlytheauthorizedhostsaregrantedaccess
totheInternetresourceswhiletheotherscanonlygetaccessto
theIntranetresources.
�Dividehostsintheenterpriseintoasub-network(ormultiple
sub-networks),wherethehostscanaccesseachother .
118Conîš¿dentialandProprietaryInformationofZTECORPORATION
To Next Page
Loading...
Need help?
General