HUAWEI无线部署802.1认证（华为认证wlan）

HUAWEI无线部署802.1认证（华为认证wlan）

WLC:10.100.250.1Aglie:10.100.246.47

1、全网WIFI实现802.1X认证HUAWEI_S12708属于敏捷系列交换机，融合了有线无线技术，所以本案例无线控制器配置均在交换机底层配置网络部分：authentication unified-mode --交换机切换成统一模式，切换完成后重启生效

interface vlan 122ip address 10.100.122.1 255.255.254.0dhcp select global

ip pool vlan122gateway-list 10.100.122.1network 10.100.122.0 mask 255.255.254.0lease day 0 hour 8 minute 0dns-list 10.100.246.10 10.100.246.20

radius-server template JC_OFFICEradius-server shared-key cipher huawei@123radius-server authentication 10.100.246.47 1812 source ip-address 10.100.250.1 radius-server accounting 10.100.246.47 1813 source ip-address 10.100.250.1

radius-server authorization 10.100.246.47 shared-key ciphe huwei@123

aaaauthentication-scheme JC_OFFICEauthentication-mode radius none

accounting-scheme JC_OFFICEaccounting-mode radiusaccounting realtime 15

domain JC_OFFICEauthentication-scheme JC_OFFICEaccounting-scheme JC_OFFICEradius-server JC_OFFICE

authentication-profile name 802.1xdot1x-access-profile JC_OFFICEaccess-domain JC_OFFICEaccess-domain JC_OFFICE force

无线部分：wlan[S12700] wlan ac-global country-code cn --配置AC的国家码，使AC管理的AP的射频特性符合不同国家或区域的法律法规要求，国家码缺省值为CNWarning: Modifying the country code will clear channel configurations of the AP radio using the country code and reset the AP. If the new country code does not support the radio, all configurations of the radio are cleared. Continue?[Y/N]:y[S12700] wlan ac-global ac id 1 carrier id other --AC ID缺省为0，修改为1

capwap source interface vlanif250 --AP管理IP vlan

rrm-profile name jccalibrate auto-txpower-select disablesmart-roam enablesmart-roam roam-threshold snr 25

radio-2g-profile name radio-2grrm-profile jc

radio-5g-profile name radio-5grrm-profile jc

traffic-profile name JC_OFFICE

security-profile name JC_OFFICEsecurity wpa-wpa2 dot1x aes

ssid-profile name JC_OFFICEssid JC_OFFICEmax-sta-number 255

vap-profile name JC_OFFICEforward-mode tunnelservice-vlan vlan-id 999ssid-profile JC_OFFICEsecurity-profile JC_OFFICEtraffic-profile JC_OFFICEauthentication-profile 802.1x

ap-group name JCradio 0radio-2g-profile radio-2g vap-profile JC_OFFICE wlan 1eirp 15radio 1radio-5g-profile radio-5gvap-profile JC_OFFICE wlan 1eirp 18

ap-id 1 type-id 75 ap-mac C4FF-1FF5-ECA0 --AP MAC ap-name 6#1ap-group 6#6F

Agile Contrller部分：参考手册结合实际环境需求实施，本案列就不介绍

2、AC实现在线用户显示为AD成员，非IP地址，对AD成员进行管控及策略下发网络部分：将交换机与Radius服务器流量口镜像至AC设备interface XGigabitEthernet1/7/0/46description to neiwang_FWport-mirroring to observe-port 2 inboundport-mirroring to observe-port 2 outboundobserve-port 2 interface GigabitEthernet1/2/0/45 --这个口为直连AC口

网络部分：group-policy controller 10.100.246.47 password huawei@123 src-ip 10.100.250.1

display group-policy status --查看与Agile Controller-Campus连接状态display ucl-group all --查看安全组display acl all --查看访问权限控制策略

4、建立无线网络802.1x认证逃生机制authentication-scheme JC_OFFICEauthentication-mode radius none

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。