Configure 802.1x remote authentication
Keywords:MSR;802.1x;radius
1. Requirements:
RTA connects to radius server through IP network, configure corresponding router protocol to make sure that RTA can access radius server. Router connects to client through Ethernet0/3 and start 802.1x authentication in Ethernet0/3.
Device:MSR series router
2. Network diagram:
3. Configuration steps:
Device and version:MSR20-21 series, version 5.20 and Beta 1106
|
RTA key configuration scripts |
|
#
//start 802.1x protocol in global configuration mode
dot1x
#
vlan 1
#
//set virtual interface address
interface Vlan-interface1
ip address 10.0.0.1 255.255.255.0
#
//connect IP network interface address
interface Ethernet0/1
port link-mode route
ip address 10.0.1.1 255.255.255.0
#
//start 802.1x protocol in port method.
interface ethernet 0/3
port link-mode bridge
dot1x port-method portbased
dot1x
#
//configure Radius authentication H3C
radius scheme h3c
primary authentication 10.0.1.100
primary accounting 10.0.1.100
server-type standard
key authentication h3c
key accounting h3c
user-name-format without-domain
#
//configure Radius authentication H3C
domain h3c.com
domain default enable h3c.com
#
//set h3c as the domain’s radius scheme
domain h3c.com
authentication default radius-scheme h3c
authorization default radius-scheme h3c
accounting default radius-scheme h3c
# |
4. Tips:
1 In radius server, please configure 1812 as authentication port and 1813 as accounting port.
2 In radius server, please add user “user” and password “pass”, and configure NAS encryption key as “h3c”
3 Configure router protocol to make sure router can access Radius server.
4 User authentication method is based on port method. dot1x port-method portbased
