Case 1: AAA server setup and lab procedure
Topology:
1. Setting up the AAA server:
RADIUS client configuration:
system-view
sysname sw1
radius scheme abc
primary authentication 192.168.100.100
key authentication 123456
accounting optional
server-type standard
user-name-format without-domain
quit
domain zzu
radius-scheme abc
access-limit enable 10
quit
dot1x authentication-method pap
interface e0/7
dot1x
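AAA authentication server:
1: From the Start menu, open the Windows Control Panel, choose Add/Remove Windows Components, then select Networking Services and click Details.
2: From the Start menu, choose Administrative Tools, then Internet Authentication Service, and create a new client; here it is 192.168.100.32.
3: Under Remote Access Policies, choose Edit Profile and change the authentication method to PAP.
2. Test
3. Connect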
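Case 2
Telnet test with Cisco ACS + an H3C switch
Objective: create users on an authentication server built with Cisco ACS and, together with a Huawei switch (the RADIUS client), complete a Telnet login. (This case omits the ACS installation and the process of importing the Huawei private commands.)
Topology:
ACS configuration:
Telnet test:
Switch configuration: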
<SW12>dis cu
#
sysname SW12
#
radius scheme system
server-type huawei
primary authentication 127.0.0.1 1645
primary accounting 127.0.0.1 1646
user-name-format without-domain
radius scheme abc
server-type huawei
primary authentication 192.168.100.156 1812
accounting optional
key authentication 123456
user-name-format without-domain
domain system
radius-scheme system
access-limit disable
state active
vlan-assignment-mode integer
idle-cut disable
self-service-url disable
messenger time disable
domain zzu
radius-scheme abc
access-limit enable 10
state active
vlan-assignment-mode integer
idle-cut disable
self-service-url disable
messenger time disable
domain default enable system
#
local-server nas-ip 127.0.0.1 key huawei
local-user user1
password simple 123
service-type telnet level 3
#
vlan 1
#
interface Vlan-interface1
ip address 192.168.100.32 255.255.255.0
#
interface Aux0/0
#
interface Ethernet0/1
#
interface Ethernet0/2
#
interface Ethernet0/3
#
interface Ethernet0/4
#
interface Ethernet0/5
#
interface Ethernet0/6
#
interface Ethernet0/7
#
interface Ethernet0/8
#
interface Ethernet0/9
#
interface Ethernet0/10
#
interface Ethernet0/11
#
interface Ethernet0/12
#
interface Ethernet0/13
#
interface Ethernet0/14
#
interface Ethernet0/15
#
interface Ethernet0/16
#
interface Ethernet0/17
#
interface Ethernet0/18
#
interface Ethernet0/19
#
interface Ethernet0/20
#
interface Ethernet0/21
#
interface Ethernet0/22
#
interface Ethernet0/23
#
interface Ethernet0/24
port link-type trunk
port trunk permit vlan all
#
interface NULL0
#
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
return
<SW12>
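Both switch configurations above carry settings worth reviewing before they leave the lab: short shared secrets, a clear-text local password, Telnet management, optional accounting and PAP. The following is an added example, not part of the original write-up: a small audit script that flags those lines in a pasted configuration. The function name, the rule wording and the 16-character threshold are assumptions chosen for illustration.

```python
import re

# Constructed sample: lines copied from the two switch configurations on this page.
SAMPLE = """\
radius scheme abc
primary authentication 192.168.100.156 1812
accounting optional
key authentication 123456
domain zzu
radius-scheme abc
domain default enable system
local-server nas-ip 127.0.0.1 key huawei
local-user user1
password simple 123
service-type telnet level 3
dot1x authentication-method pap
user-interface vty 0 4
authentication-mode scheme
"""
MIN_KEY_LEN = 16  # assumed local policy threshold, not a vendor requirement
# (pattern, finding) pairs; a pattern's capture group, if any, is a secret to measure.
RULES = [
    (r"(?:key authentication|local-server .* key) (\S+)$", "short RADIUS shared secret"),
    (r"password simple \S+", "local password stored in clear text"),
    (r"service-type .*telnet", "telnet sends credentials unencrypted"),
    (r"accounting optional", "access continues if accounting fails"),
    (r"dot1x authentication-method pap", "PAP: password protected only by the shared secret"),
]
SECTION = re.compile(r"(radius scheme|domain(?! default)|local-user|user-interface) \S")

def audit(config):
    """Return (line_no, section, finding) for each weak AAA setting found."""
    findings, section = [], "global"
    for n, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if line == "#" or line.startswith(("domain default", "local-server", "dot1x")):
            section = "global"      # these commands live in system view
        elif SECTION.match(line):
            section = line          # the paste has no indentation to rely on
            continue
        for pattern, finding in RULES:
            m = re.match(pattern, line)
            if m and not (m.groups() and len(m.group(1)) >= MIN_KEY_LEN):
                findings.append((n, section, finding))
    return findings

if __name__ == "__main__":
    for n, section, finding in audit(SAMPLE):
        print(f"line {n} [{section}]: {finding}")
```

The section label in each finding shows which scheme or user a line belongs to, which matters here because the pasted output has lost its indentation.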