The Most Powerful Open-Source Network Access Control Software: PacketFence - Huawei Switch Access Control Configuration (Part 2)

Adding the switch






sysname HW-S5720S
#
vlan batch 18 100 200 1000 // create the VLANs (management, registration, isolation and default VLAN, respectively)
#
undo authentication unified-mode // switch the NAC (network access control) configuration mode from unified mode back to traditional mode
authentication mac-move enable vlan all // enable MAC move for all VLANs
#
domain pf // create the domain that holds the users' authentication, authorization and accounting configuration; domain name: pf
#
radius-server authorization calling-station-id decode-mac-format ascii hyphen-split common // parse MAC addresses in RADIUS in the format xx-xx-xx-xx-xx-xx
#
dot1x enable // enable 802.1X authentication
dot1x dhcp-trigger
dot1x timer quiet-period 30 // users that fail 802.1X authentication are kept quiet for 30 seconds
dot1x timer reauthenticate-period 7200 // 802.1X re-authentication period: 7200 seconds
mac-authen // enable MAC authentication
mac-authen timer reauthenticate-period 7200 // MAC re-authentication period: 7200 seconds
#
lldp enable
#
// RADIUS server authentication settings
radius-server template default
radius-server template packetfence
 radius-server shared-key cipher %^%#(Dx]"YQ=p1^=3n3C|C@ER{3-#U\/2K^S3&Xn=Kg;%^%#
 radius-server authentication 192.168.18.73 1812 weight 80
 radius-server accounting 192.168.18.73 1813 weight 80
 radius-server retransmit 2
radius-server authorization 192.168.18.73 shared-key cipher %^%#Xp-TAIStM2"l>'#eVNm&<}W@0+bs=RGV`zNZ>Of>%^%#
#
// set the AAA authentication mode to RADIUS
aaa
 authentication-scheme default
 authentication-scheme radius
  authentication-mode radius
 authentication-scheme pf-auth
  authentication-mode radius
 authorization-scheme default
 accounting-scheme default
 accounting-scheme pf-acct
  accounting-mode radius
 local-aaa-user password policy administrator
  password expire 0
 service-scheme pf-cli
 domain default
  authentication-scheme radius
  radius-server default
 domain default_admin
  authentication-scheme default
 domain pf
  authentication-scheme pf-auth
  accounting-scheme pf-acct
  service-scheme pf-cli
  radius-server packetfence
 local-user admin password irreversible-cipher $1a$a66S&'ard'$/P<V;!@VEMl[~26FI*dH#Db($gai"<6a$;$,oo@X$
 local-user admin privilege level 15
 local-user admin service-type ssh
#
interface Vlanif1
#
interface Vlanif18
 ip address 192.168.18.77 255.255.255.0
#
interface Vlanif1000
 ip address 10.10.100.254 255.255.255.0
#
// apply the same 802.1X authentication configuration to every port
interface GigabitEthernet0/0/1
 port link-type hybrid
 port hybrid pvid vlan 1000
 undo port hybrid vlan 1
 port hybrid tagged vlan 2 to 4094
 dot1x mac-bypass
 dot1x max-user 2
 dot1x reauthenticate
 dot1x authentication-method eap
#
interface GigabitEthernet0/0/2
 port link-type hybrid
 port hybrid pvid vlan 1000
 undo port hybrid vlan 1
 port hybrid tagged vlan 2 to 4094
 dot1x mac-bypass
 dot1x max-user 2
 dot1x reauthenticate
 dot1x authentication-method eap
#
interface GigabitEthernet0/0/3
 port link-type hybrid
 port hybrid pvid vlan 1000
 undo port hybrid vlan 1
 port hybrid tagged vlan 2 to 4094
 dot1x mac-bypass
 dot1x max-user 2
 dot1x reauthenticate
 dot1x authentication-method eap
#
interface GigabitEthernet0/0/4
 port link-type hybrid
 port hybrid pvid vlan 1000
 undo port hybrid vlan 1
 port hybrid tagged vlan 2 to 4094
 dot1x mac-bypass
 dot1x max-user 2
 dot1x reauthenticate
 dot1x authentication-method eap
#
interface GigabitEthernet0/0/5
 port link-type hybrid
 port hybrid pvid vlan 1000
 undo port hybrid vlan 1
 port hybrid tagged vlan 2 to 4094
 dot1x mac-bypass
 dot1x max-user 2
 dot1x reauthenticate
 dot1x authentication-method eap
#
interface GigabitEthernet0/0/6
 port link-type hybrid
 port hybrid pvid vlan 1000
 undo port hybrid vlan 1
 port hybrid tagged vlan 2 to 4094
 dot1x mac-bypass
 dot1x max-user 2
 dot1x reauthenticate
 dot1x authentication-method eap
#
interface GigabitEthernet0/0/7
 port link-type hybrid
 port hybrid pvid vlan 1000
 undo port hybrid vlan 1
 port hybrid tagged vlan 2 to 4094
 dot1x mac-bypass
 dot1x max-user 2
 dot1x reauthenticate
 dot1x authentication-method eap
#
interface GigabitEthernet0/0/8
 port link-type hybrid
 port hybrid pvid vlan 1000
 undo port hybrid vlan 1
 port hybrid tagged vlan 2 to 4094
 dot1x mac-bypass
 dot1x max-user 2
 dot1x reauthenticate
 dot1x authentication-method eap
#
interface GigabitEthernet0/0/9
 port link-type hybrid
 port hybrid pvid vlan 1000
 undo port hybrid vlan 1
 port hybrid tagged vlan 2 to 4094
 dot1x mac-bypass
 dot1x max-user 2
 dot1x reauthenticate
 dot1x authentication-method eap
#
interface GigabitEthernet0/0/10
 port link-type hybrid
 port hybrid pvid vlan 1000
 undo port hybrid vlan 1
 port hybrid tagged vlan 2 to 4094
 dot1x mac-bypass
 dot1x max-user 2
 dot1x reauthenticate
 dot1x authentication-method eap
#
interface GigabitEthernet0/0/11
 port link-type hybrid
 port hybrid pvid vlan 1000
 undo port hybrid vlan 1
 port hybrid tagged vlan 2 to 4094
 dot1x mac-bypass
 dot1x max-user 2
 dot1x reauthenticate
 dot1x authentication-method eap
#
interface GigabitEthernet0/0/12
 port link-type hybrid
 port hybrid pvid vlan 1000
 undo port hybrid vlan 1
 port hybrid tagged vlan 2 to 4094
 dot1x mac-bypass
 dot1x max-user 2
 dot1x reauthenticate
 dot1x authentication-method eap
#
interface GigabitEthernet0/0/13
 port link-type hybrid
 port hybrid pvid vlan 1000
 undo port hybrid vlan 1
 port hybrid tagged vlan 2 to 4094
 dot1x mac-bypass
 dot1x max-user 2
 dot1x reauthenticate
 dot1x authentication-method eap
#
interface GigabitEthernet0/0/14
 port link-type hybrid
 port hybrid pvid vlan 1000
 undo port hybrid vlan 1
 port hybrid tagged vlan 2 to 4094
 dot1x mac-bypass
 dot1x max-user 2
 dot1x reauthenticate
 dot1x authentication-method eap
#
interface GigabitEthernet0/0/15
 port link-type hybrid
 port hybrid pvid vlan 1000
 undo port hybrid vlan 1
 port hybrid tagged vlan 2 to 4094
 dot1x mac-bypass
 dot1x max-user 2
 dot1x reauthenticate
 dot1x authentication-method eap
#
interface GigabitEthernet0/0/16
 port link-type hybrid
 port hybrid pvid vlan 1000
 undo port hybrid vlan 1
 port hybrid tagged vlan 2 to 4094
 dot1x mac-bypass
 dot1x max-user 2
 dot1x reauthenticate
 dot1x authentication-method eap
#
interface GigabitEthernet0/0/17
 port link-type hybrid
 port hybrid pvid vlan 1000
 undo port hybrid vlan 1
 port hybrid tagged vlan 2 to 4094
 dot1x mac-bypass
 dot1x max-user 2
 dot1x reauthenticate
 dot1x authentication-method eap
#
interface GigabitEthernet0/0/18
 port link-type hybrid
 port hybrid pvid vlan 1000
 undo port hybrid vlan 1
 port hybrid tagged vlan 2 to 4094
 dot1x mac-bypass
 dot1x max-user 2
 dot1x reauthenticate
 dot1x authentication-method eap
#
interface GigabitEthernet0/0/19
 port link-type hybrid
 port hybrid pvid vlan 1000
 undo port hybrid vlan 1
 port hybrid tagged vlan 2 to 4094
 dot1x mac-bypass
 dot1x max-user 2
 dot1x reauthenticate
 dot1x authentication-method eap
#
interface GigabitEthernet0/0/20
 port link-type hybrid
 port hybrid pvid vlan 1000
 undo port hybrid vlan 1
 port hybrid tagged vlan 2 to 4094
 dot1x mac-bypass
 dot1x max-user 2
 dot1x reauthenticate
 dot1x authentication-method eap
#
interface GigabitEthernet0/0/21
#
interface GigabitEthernet0/0/22
#
interface GigabitEthernet0/0/23
#
interface GigabitEthernet0/0/24
 port link-type trunk
 port trunk pvid vlan 18
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 18 1000
 stp disable
#
interface XGigabitEthernet0/0/1
#
interface XGigabitEthernet0/0/2
#
interface XGigabitEthernet0/0/3
#
interface XGigabitEthernet0/0/4
#
interface NULL0
#
snmp-agent
snmp-agent local-engineid 800007DB0360DEF3722A30
snmp-agent community read cipher %^%#L/mz;k`!q+Pn"4'n`~Y<;WD<"xmbb-US0,Q+tyoK^|V%YWpfh:pRC2OLb(kHXRR59K*x:(gd)\@!eb0.%^%# mib-view iso-view
snmp-agent sys-info version v2c v3
snmp-agent target-host trap address udp-domain 192.168.18.73 params securityname cipher %^%#MgY{V2BEm:kIC&ZF\)[8_s;G~h]f29D}8^;A9Y6:%^%#
snmp-agent mib-view included iso-view iso
snmp-agent trap enable
#
stelnet server enable
ssh user admin
ssh user admin authentication-type password
ssh user admin service-type stelnet
#
user-interface con 0
 authentication-mode none
user-interface vty 0 4
 authentication-mode aaa
 protocol inbound all
user-interface vty 16 20
#
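An added example, not part of the original post: a Python audit that walks a VRP-style configuration block by block and reports hybrid access ports lacking any of the four per-port dot1x lines used above, together with management-plane settings that leave an unauthenticated or cleartext path to the switch. The function names and the sample text are assumptions; the sample is a constructed excerpt modelled on the configuration above, and the `//` stripping assumes the annotation style used on this page.

```python
# The four per-port dot1x lines used on every access port in the config above.
REQUIRED = {"dot1x mac-bypass", "dot1x max-user 2",
            "dot1x reauthenticate", "dot1x authentication-method eap"}
WEAK = {"authentication-mode none": "no login authentication",  # management plane
        "protocol inbound all": "VTY permits Telnet as well as SSH"}

def blocks(config):
    """Return [(header, sub-commands)]; an unindented line opens a VRP block."""
    out = []
    for raw in config.splitlines():
        line = raw.split("//")[0].rstrip()  # drop the page's // annotations
        if line.strip() in ("", "#"):
            continue
        if not line.startswith(" "):
            out.append((line, []))
        elif out:
            out[-1][1].append(line.strip())
    return out

def audit(config):
    """List incomplete 802.1X access ports and weak management-plane settings."""
    findings = []
    for head, body in blocks(config):
        if head.startswith("interface GigabitEthernet") and "port link-type hybrid" in body:
            findings += [f"{head}: missing '{m}'" for m in sorted(REQUIRED - set(body))]
        elif head.startswith("user-interface"):
            findings += [f"{head}: {why}" for cmd, why in WEAK.items() if cmd in body]
        elif head.startswith("snmp-agent sys-info version") and {"v1", "v2c"} & set(head.split()):
            findings.append("snmp-agent: community-based SNMP version enabled")
    return findings

# Constructed excerpt modelled on the configuration above (not a device export).
SAMPLE = """\
interface GigabitEthernet0/0/1
 port link-type hybrid
 dot1x mac-bypass
 dot1x max-user 2
 dot1x reauthenticate
 dot1x authentication-method eap
#
interface GigabitEthernet0/0/2   // constructed gap: only the EAP line is present
 port link-type hybrid
 dot1x authentication-method eap
snmp-agent sys-info version v2c v3
user-interface con 0
 authentication-mode none
user-interface vty 0 4
 protocol inbound all
"""
```

Calling `audit(SAMPLE)` returns one finding per missing dot1x line on port 2, followed by the SNMP, console and VTY findings. On VRP the corresponding tightened settings are `authentication-mode aaa` on the console, `protocol inbound ssh` on the VTY lines and `snmp-agent sys-info version v3`.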





夜雨聆风