用华为aaa认证写一个双pc加交换机加路由器的ensp
时间: 2023-07-20 17:34:19 浏览: 60
以下是一个基于华为AAA认证的双PC加交换机加路由器的ensp配置:
1. 配置PC1的认证用户和密码:
```
[aaa]local-user pc1 password irreversible-cipher %^%#W$%&*GF%^%#
```
2. 配置PC2的认证用户和密码:
```
[aaa]local-user pc2 password irreversible-cipher %^%#Q$%&*GF%^%#
```
3. 配置Radius服务器组:
```
[RADIUS服务组] radius-server group huawei
[RADIUS服务组-huawei] radius-server authentication 10.1.1.1 1812 weight 80
[RADIUS服务组-huawei] radius-server accounting 10.1.1.1 1813 weight 80
[RADIUS服务组-huawei] radius-server shared-key cipher %^%#E$%&*GF%^%#
```
4. 配置Radius服务器策略:
```
[Radius策略] radius scheme huawei
[Radius策略-huawei] authentication-scheme huawei
[Radius策略-huawei] accounting-scheme huawei
[Radius策略-huawei] radius-server group huawei
```
5. 配置AAA认证方案:
```
[AAA认证方案] aaa
[AAA认证方案-aaa] authentication-scheme huawei
[AAA认证方案-aaa] accounting-scheme huawei
```
6. 配置交换机端口:
```
[交换机端口] interface GigabitEthernet0/0/1
[交换机端口-GigabitEthernet0/0/1] port link-type access
[交换机端口-GigabitEthernet0/0/1] port default vlan 100
[交换机端口-GigabitEthernet0/0/1] authentication enable
[交换机端口-GigabitEthernet0/0/1] authentication-method radius
[交换机端口-GigabitEthernet0/0/1] authentication-quiet-period 5
[交换机端口-GigabitEthernet0/0/1] authentication host-mode multi-auth
[交换机端口-GigabitEthernet0/0/1] authentication guest-vlan 200
[交换机端口-GigabitEthernet0/0/1] radius-server group huawei
```
7. 配置路由器:
```
[路由器]interface GigabitEthernet0/0/1
[路由器-GigabitEthernet0/0/1]ip address 192.168.1.1 255.255.255.0
[路由器-GigabitEthernet0/0/1]authentication-mode radius
[路由器-GigabitEthernet0/0/1]radius scheme huawei
[路由器-GigabitEthernet0/0/1]radius-server group huawei
```
以上是一个基于华为AAA认证的双PC加交换机加路由器的ensp配置,具体的配置需要根据实际情况进行调整。