Dot1X Local Authentication Application - Zte ZXR10 5900 Series User Manual

All gigabit-port intelligent routing switch

The requirement is that Internet resources can be accessed only from
authenticated hosts, and other hosts can access only enterprise
network resources.
Divide the hosts in the enterprise into a sub-network (or multiple
sub-networks), where the hosts can access each other.
Enable the 802.1X trunk function on the Ethernet switch inside the
sub-network and enable 802.1X authentication on the Ethernet port of
the sub-network gateway.
Do not charge users inside the enterprise; only authenticate them on
the Radius server. The master/slave authentication servers are
10.1.1.1/10.1.1.2 respectively. It is assumed that the enterprise
uses the 2826E Ethernet switch internally and that the gateway is a
ZXR10 5900/5200.
2826E configuration:
Set dot1xreley enable
ZXR10 5900/5200 configuration:
ZXR10(config)#radius authentication-group 1
ZXR10(config-authgrp-1)#server 1 10.1.1.1 key aaazte port 1812
ZXR10(config-authgrp-1)#server 2 10.1.1.2 key aaazte port 1812
ZXR10(config-authgrp-1)#exit
ZXR10(config)#nas
ZXR10(config-nas)#create aaa 1 port gei_1/1
ZXR10(config-nas)#aaa 1 control dot1x enable
ZXR10(config-nas)#aaa 1 authentication radius
ZXR10(config-nas)#aaa 1 authorization auto
ZXR10(config-nas)#aaa 1 accounting disable
ZXR10(config-nas)#aaa 1 multiple-hosts enable
ZXR10(config-nas)#aaa 1 default-isp zte163.net
ZXR10(config-nas)#aaa 1 fullaccount disable
ZXR10(config-nas)#aaa 1 radius-server authentication 1
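
A listing like the gateway configuration above can be reviewed mechanically before it is applied. The following is an added example, not part of the ZTE manual: it parses the command syntax shown on this page and reports settings a reviewer would look at. The 16-character key threshold follows the preference stated in RFC 2865; the other checks and the `audit` function name are assumptions of this example, not ZTE guidance.

```python
import re

# Constructed sample: a subset of the ZXR10 5900/5200 commands shown above.
SAMPLE = """\
ZXR10(config)#radius authentication-group 1
ZXR10(config-authgrp-1)#server 1 10.1.1.1 key aaazte port 1812
ZXR10(config-authgrp-1)#server 2 10.1.1.2 key aaazte port 1812
ZXR10(config-authgrp-1)#exit
ZXR10(config)#nas
ZXR10(config-nas)#create aaa 1 port gei_1/1
ZXR10(config-nas)#aaa 1 control dot1x enable
ZXR10(config-nas)#aaa 1 authentication radius
ZXR10(config-nas)#aaa 1 accounting disable
ZXR10(config-nas)#aaa 1 radius-server authentication 1
"""

MIN_KEY_LEN = 16  # RFC 2865 prefers a shared secret of at least 16 octets

def audit(text):
    """Return sorted findings for a ZXR10 dot1x/RADIUS command listing."""
    groups, aaa, findings, group = {}, {}, [], None
    for raw in text.splitlines():
        cmd = raw.split("#", 1)[-1].strip()  # drop the CLI prompt
        if m := re.match(r"radius authentication-group (\d+)$", cmd):
            group = m.group(1)
            groups[group] = []
        elif cmd == "exit":
            group = None
        elif group and (m := re.match(r"server (\d+) (\S+) key (\S+)", cmd)):
            groups[group].append(m.groups())
        elif m := re.match(r"aaa (\d+) (.+)$", cmd):
            key, _, value = m.group(2).rpartition(" ")  # last word is the value
            aaa.setdefault(m.group(1), {})[key] = value
    for gid, servers in groups.items():
        for sid, ip, key in servers:
            if len(key) < MIN_KEY_LEN:
                findings.append(f"group {gid} server {sid} ({ip}): key shorter than {MIN_KEY_LEN}")
    for aid, cfg in aaa.items():
        if cfg.get("control dot1x") != "enable":
            continue  # only instances that enforce 802.1X are reviewed
        if cfg.get("authentication") == "radius" and cfg.get("radius-server authentication") not in groups:
            findings.append(f"aaa {aid}: RADIUS authentication without a defined server group")
        if cfg.get("accounting") == "disable":
            findings.append(f"aaa {aid}: accounting disabled, no session records")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```
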
Dot1x Local Authentication Application
In the applications shown in Figure 29 and Figure 30, the enterprise
wants to register the network card address of each host. Only the MAC
address of the network card is checked when the user uses any account
to log in from the dot1x client. The user can log in only when the
address is legal. In addition, the enterprise numbers each MAC address
and sums up the user's Internet access duration based on that number.
The ZXR10 5900/5200 can implement this application requirement. The
authenticator is a ZXR10 5900/5200, as shown in Figure 29 and
Figure 30, and the configuration is as follows:
ZXR10(config)#radius accounting-group 1
ZXR10(config-acctgrp-1)#server 1 10.1.1.1 key aaazte port <auth server port num >
ZXR10(config-acctgrp-1)#server 2 10.1.1.2 key aaazte port <auth server port num >
ZXR10(config-acctgrp-1)#exit
ZXR10(config)#nas
ZXR10(config-nas)#create aaa 1 port gei_1/1
ZXR10(config-nas)#aaa 1 control dot1x enable
ZXR10(config-nas)#aaa 1 authentication local
ZXR10(config-nas)#aaa 1 authorization auto
ZXR10(config-nas)#aaa 1 accounting disable
Confidential and Proprietary Information of ZTE CORPORATION
Chapter 12 DOT1X Configuration
