Manualshelf

R3303-HP HSR6800 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR68xx Configure-to-Order Router Solution
111112113114115116117118119120
103
802.1X with ACL assignment configuration
example
Network requirements
As shown in Figure 39, the host at 192.168.1.10 connects to port GigabitEthernet 3/0/1 of Router.
Perform 802.1X authentication on the port. Use the RADIUS server at 10.1.1.1 as the authentication and
authorization server and the RADIUS server at 10.1.1.2 as the accounting server. Assign an ACL to
GigabitEthernet 3/0/1 to deny the access of 802.1X users to the FTP server at 10.0.0.1/24 on weekdays
during business hours from 8:00 to 18:00.
Figure 39 Network diagram
Configuration procedure
The following configuration procedure provides the major AAA and RADIUS configuration on the Router.
The configuration procedures on the 802.1X client and RADIUS server are beyond the scope of this
configuration example. For information about AAA and RADIUS configuration commands, see Security
Command Reference.
1. Configure 802.1X client. Make sure the client is able to update its IP address after the access port
is assigned to the 802.1X guest VLAN or a server-assigned VLAN. (Details not shown.)
2. Configure the RADIUS servers, user accounts, and authorization ACL, ACL 3000 in this example.
(Details not shown.)
3. Configure the Router:
# Assign IP addresses to interfaces. (Details not shown.)
# Configure the RADIUS scheme.
<Router> system-view
[Router] radius scheme 2000
[Router-radius-2000] primary authentication 10.1.1.1 1812
[Router-radius-2000] primary accounting 10.1.1.2 1813
[Router-radius-2000] key authentication abc
[Router-radius-2000] key accounting abc
[Router-radius-2000] user-name-format without-domain
[Router-radius-2000] quit