Dot1X Relay Authentication Application; Figure 31 Dot1X Relay Authentication Application - Zte ZXR10 8900 Series User Manual

ZXR10 8900 Series User Manual (Basic Configuration Volume)
F 31 D 1 R
IGURE OT X ELAY
118 Confidential and Proprietary Information of ZTE CORPORATION
previous sending, and packets can be resent for five times at
most. Direct the system to remove the user domain name from
the user name and before sending it to the RADIUS server.
Configuration on the switch:
ZXR10(config)#radius authentication-group 1
ZXR10(config-authgrp-1)#server 1 10.1.1.1 master key aaazte
port 1812
ZXR10(config-authgrp-1)#server 2 10.1.1.2 key aaazte port 1812
ZXR10(config-authgrp-1)#max-retries 5
ZXR10(config-authgrp-1)#timeout 5
ZXR10(config-authgrp-1)#exit
ZXR10(config)#radius accounting-group 1
ZXR10(config-acctgrp-1)#server 1 10.1.1.2 master key aaazte
port 1813
ZXR10(config-acctgrp-1)#server 2 10.1.1.1
ZXR10(config)#nas
ZXR10(config-nas)#create aaa 1 port fei_1/1
ZXR10(config-nas)#aaa 1 control dot1x enable
ZXR10(config-nas)#aaa 1 authorization auto
ZXR10(config-nas)#aaa 1 accounting enable
ZXR10(config-nas)#aaa 1 multiple-hosts enable
ZXR10(config-nas)#aaa 1 default-isp zte163.net
ZXR10(config-nas)#aaa 1 fullaccount disable
ZXR10(config-nas)#aaa 1 radius-server authentication 1
ZXR10(config-nas)#aaa 1 radius-server accounting 1
Dot1x Relay Authentication
Application
Intranet topology of an enterprise is shown in
A A
UTHENTICATION PPLICATION
The criterion is that only the authorized hosts are granted access
to the Internet resources while the others can only get access to
the Intranet resources.
� Divide hosts in the enterprise into a sub-network (or multiple
sub-networks), where the hosts can access each other.
key aaazte port 1813
Figure 31.