h3c核心交换机+ac控制器配置
时间: 2023-08-10 07:44:09 浏览: 148
对于H3C核心交换机和AC控制器的配置,具体步骤如下:
1. 首先,需要连接交换机和AC控制器。可以使用串口或者网络连接方式。
2. 在交换机上启用802.1x认证功能,并将其配置为向AC控制器发送认证请求。具体命令如下:
```
[Switch] dot1x
[Switch-dot1x] authentication-method eap
[Switch-dot1x] authentication host-mode multi-domain
[Switch-dot1x] authentication timer tx-period 5
[Switch-dot1x] port-method port-based
[Switch-dot1x] re-authenticate
[Switch-dot1x] quit
[Switch] dot1x mac-authentication
[Switch-dot1x-mac-authen] enable
[Switch-dot1x-mac-authen] quit
[Switch] dot1x enable
[Switch] dot1x access-control
[Switch-dot1x-access-control] server-type h3c
[Switch-dot1x-access-control] reauthentication
[Switch-dot1x-access-control] quit
[Switch] dot1x keepalive enable
[Switch] dot1x re-authenticate
[Switch] quit
[Switch] aaa
[Switch-aaa] local-user admin123 service-type telnet http
[Switch-aaa] local-user admin123 privilege level 15
[Switch-aaa] local-user admin123 password irreversible-cipher $1$uVJf$9MkDjLlF2XQqCzrjgkY/80
[Switch-aaa] quit
[Switch] radius scheme h3c
[Switch-radius-h3c] server-type extended
[Switch-radius-h3c] primary authentication 10.10.10.10 key cipher H3C$123456
[Switch-radius-h3c] primary accounting 10.10.10.10 key cipher H3C$123456
[Switch-radius-h3c] user-name-format without-domain
[Switch-radius-h3c] quit
[Switch] domain system
[Switch-domain-system] authentication login radius-scheme h3c
[Switch-domain-system] quit
[Switch] quit
```
3. 在AC控制器上配置认证服务。具体命令如下:
```
[AC] dot1x
[AC-dot1x] enable
[AC-dot1x] authentication-method eap
[AC-dot1x] quit
[AC] radius scheme h3c
[AC-radius-h3c] primary authentication 10.10.10.10 key cipher H3C$123456
[AC-radius-h3c] primary accounting 10.10.10.10 key cipher H3C$123456
[AC-radius-h3c] user-name-format without-domain
[AC-radius-h3c] quit
[AC] domain system
[AC-domain-system] authentication login radius-scheme h3c
[AC-domain-system] quit
[AC] quit
```
4. 配置AP的认证方式为802.1x,并将其配置为向AC控制器发送认证请求。具体命令如下:
```
[AP] dot1x
[AP-dot1x] authentication-method eap
[AP-dot1x] authentication host-mode multi-domain
[AP-dot1x] authentication timer tx-period 5
[AP-dot1x] port-method port-based
[AP-dot1x] re-authenticate
[AP-dot1x] quit
[AP] dot1x mac-authentication
[AP-dot1x-mac-authen] enable
[AP-dot1x-mac-authen] quit
[AP] dot1x enable
[AP] dot1x access-control
[AP-dot1x-access-control] server-type h3c
[AP-dot1x-access-control] reauthentication
[AP-dot1x-access-control] quit
[AP] dot1x keepalive enable
[AP] dot1x re-authenticate
[AP] quit
```
以上就是H3C核心交换机和AC控制器的配置步骤,可以根据实际情况进行调整。