MAC Authentication with a RADIUS Server
<h3c>sys
[h3c]sysname AC (Note: the AC is a WA2620-AGN; on this AC the rename command cannot be abbreviated to "sys" plus the name, the full "sysname" plus the name must be typed)
[AC]int vlan 1
[AC-vlan-interface1]undo ip add
[AC-vlan-interface1]vlan 2
[AC-vlan2]vlan 4
[AC-vlan4]int vlan 4
[AC-vlan-interface4]ip add 192.168.4.1 24
[AC-vlan-interface4]quit
[AC]radius scheme yu
[AC-radius-yu]server-type extended
[AC-radius-yu]primary authentication 192.168.5.1
[AC-radius-yu]primary accounting 192.168.5.1
[AC-radius-yu]key authentication h3c (the default key on the RADIUS server is h3c; it can be changed, but both sides must match, so h3c is configured here)
[AC-radius-yu]key accounting h3c
[AC-radius-yu]user-name-format without-domain (Note: this command means the domain name is not used, so accounts added on the RADIUS server need no domain name)
[AC-isp-yu]authentication lan-access radius-scheme yu
[AC-isp-yu]authorization lan-access radius-scheme yu
[AC-isp-yu]accounting lan-access radius-scheme yu
[AC]int g1/0/1
[AC-GigabitEthernet1/0/1]port link-type trunk
[AC-GigabitEthernet1/0/1]port trunk permit vlan 1 to 24
[AC]interface WLAN-ESS 7
[AC-WLAN-ESS7]port access vlan 2
[AC-WLAN-ESS7]port-security port-mode mac-authentication
[AC]wlan service-template 7 clear
[AC-wlan-st-7]ssid yu
[AC-wlan-st-7]bind WLAN-ESS 7
[AC-wlan-st-7]service-template enable
[AC]wlan ap yu model wa2620-agn
[AC-wlan-ap-yu]serial-id 219801A0A89112G03396
[AC-wlan-ap-yu]radio 2
[AC-wlan-ap-yu-radio-2]service-template 7
[AC-wlan-ap-yu-radio-2]radio enable
[AC]ip route-static 0.0.0.0 0.0.0.0 192.168.4.254
[AC]local-user 90c1151c77db
[AC-luser-90c1151c77db]password simple 90c1151c77db
(this is the MAC address of the wireless client that connects)
Step 2:
Configure the connection on the AC's switching module
ACSW
<ac>oap connect slot 0
<acsw>
[acsw]int vlan 1
[acsw-vlan-interface1]undo ip add
[acsw-vlan-interface1]vlan 2
[acsw-vlan2]vlan 4
[acsw-vlan4]quit
[acsw]interface GigabitEthernet 1/0/8
[acsw-GigabitEthernet1/0/8]port link-type trunk
[acsw-GigabitEthernet1/0/8]port trunk permit vlan 1 to 24
[acsw]int g1/0/9
[acsw-GigabitEthernet1/0/9]port link-type trunk
[acsw-GigabitEthernet1/0/9]port trunk permit vlan 1 to 24
Step 3:
Configure the IP address pools on the DHCP relay switch
DHCP relay switch
[dhcp]vlan 3
[dhcp]dhcp enable
[dhcp]dhcp server ip-pool 1
[dhcp-pool-pool1]network 192.168.1.0 24
[dhcp-pool-pool1]gateway-list 192.168.1.254
[dhcp-pool-pool1]option 43 hex 8007000001C0A80401
[dhcp-pool-pool2]network 192.168.2.0 24
[dhcp-pool-pool2]gateway-list 192.168.2.254
[dhcp]int vlan 3
[dhcp-vlan-interface3]ip add 192.168.3.1 24
[dhcp]int e1/0/24
[dhcp-Ethernet1/0/24]port access vlan 3
[dhcp]rip 1
[dhcp-rip-1]network 192.168.3.0
[dhcp]dhcp server forbidden-ip 192.168.1.254
[dhcp]dhcp server forbidden-ip 192.168.2.254
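The option 43 value in the first pool is what tells an AP where its AC is, so it is worth decoding before the APs rely on it. The following is an added example, not part of the original document; it assumes the H3C sub-option layout of 0x80, a length byte, a two-byte server type, an AC count, then the IPv4 addresses, and its function names are hypothetical.

```python
import ipaddress

# Assumed layout of the sub-option carried in option 43:
#   0x80 | length | server type (0x0000) | AC count | count * IPv4 address
SUBOPT_AC_LIST = 0x80
SERVER_TYPE = b"\x00\x00"


def decode_option43(hex_string):
    """Return the AC addresses encoded in an option 43 hex value."""
    data = bytes.fromhex(hex_string)
    if len(data) < 5 or data[0] != SUBOPT_AC_LIST:
        raise ValueError("not an 0x80 AC-address sub-option")
    body = data[2:]
    if data[1] != len(body):
        raise ValueError(f"length byte is {data[1]}, payload is {len(body)} bytes")
    if body[:2] != SERVER_TYPE:
        raise ValueError("unexpected server type field")
    count, addrs = body[2], body[3:]
    if len(addrs) != 4 * count:
        raise ValueError(f"count byte is {count}, found {len(addrs)} address bytes")
    return [str(ipaddress.IPv4Address(addrs[i:i + 4]))
            for i in range(0, len(addrs), 4)]


def encode_option43(ac_addresses):
    """Build the hex value for a list of AC IPv4 addresses."""
    packed = b"".join(ipaddress.IPv4Address(a).packed for a in ac_addresses)
    body = SERVER_TYPE + bytes([len(ac_addresses)]) + packed
    if len(body) > 255:
        raise ValueError("too many addresses for one sub-option")
    return (bytes([SUBOPT_AC_LIST, len(body)]) + body).hex().upper()


def check_against_ac(hex_string, expected_ac):
    """True when the pool advertises exactly the expected AC address."""
    return decode_option43(hex_string) == [expected_ac]


if __name__ == "__main__":
    pool_value = "8007000001C0A80401"      # value from the pool configuration
    print(decode_option43(pool_value))     # addresses handed to the APs
    # 192.168.4.1 is the address configured on the AC's vlan-interface4
    print(check_against_ac(pool_value, "192.168.4.1"))
```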
Step 4:
Configure the relay function on the switch that connects all the devices
SW
[sw]vlan 2
[sw-vlan2]vlan 3
[sw-vlan3]vlan 4
[sw-vlan4]vlan 5
[sw-vlan5]vlan 6
[sw-vlan6]quit
[sw]dhcp relay server-group 1 ip 192.168.3.1
[sw]int vlan 1
[sw-vlan-interface1]ip add 192.168.1.254 24
[sw-vlan-interface1]dhcp select relay
[sw-vlan-interface1]dhcp relay server-select 1
[sw-vlan-interface2]ip address 192.168.2.254 24
[sw-vlan-interface2]dhcp select relay
[sw-vlan-interface2]dhcp relay server-select 1
[sw-vlan-interface3]ip address 192.168.3.254 24
[sw-vlan-interface4]ip address 192.168.4.254 24
[sw-vlan-interface5]ip address 192.168.5.254 24
[sw-vlan-interface6]ip address 192.168.6.254 24
[sw]int e1/0/5
[sw-Ethernet1/0/5]port access vlan 5
[sw]int e1/0/6
[sw-Ethernet1/0/6]port access vlan 2
[sw]int e1/0/8
[sw-Ethernet1/0/8]port link-type trunk
[sw-Ethernet1/0/8]port trunk permit vlan 1 to 24
[sw]int e1/0/24
[sw-Ethernet1/0/24]port access vlan 3
[sw]rip 1
[sw-rip-1]network 192.168.1.0
[sw-rip-1]network 192.168.2.0
[sw-rip-1]network 192.168.3.0
[sw-rip-1]network 192.168.4.0
[sw-rip-1]network 192.168.5.0
[sw-rip-1]network 192.168.6.0
[sw]dhcp enable
[sw]ip route-static 0.0.0.0 0.0.0.0 192.168.6.1 (this points to the next-hop address, i.e. the interface address of the router that connects to the external network)
Step 5:
Configure routing on the router
RA
[RA]acl number 2000
[RA-acl-basic-2000]rule 1 permit source 192.168.2.0 0.0.0.255
[RA-acl-basic-2000]rule 2 permit source 192.168.6.0 0.0.0.255
[RA]rip
[RA-rip]network 192.168.2.0
[RA-rip]network 192.168.6.0
[RA]int e0/0
[RA-Ethernet0/0]ip add 192.168.6.1 24
[RA]int e0/1
[RA-Ethernet0/1]ip address 10.3.102.33 24
[RA-Ethernet0/1]nat outbound 2000
[RA]ip route-static 0.0.0.0 0.0.0.0 10.3.102.1
At this point the basic configuration is complete.
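Step 5:
Test the configuration
Check whether the Layer 3 registration succeeded
If the Layer 3 registration fails, check each link in turn with ping tests
Ping test from the AC to the switch
Ping test from the DHCP device to the switch
Once the Layer 3 registration succeeds, check DHCP address allocation
Set up the RADIUS server
Phone connection process and result
DHCP lease obtained by the phone client after it connects
Check the NAT translations on the router
Next, check whether the connected phone can reach the Internet normally
Two different websites were opened at random; together with the screenshots above, this shows beyond doubt that the experiment succeeded.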