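Phase 3 B02 standard networking
Each business group is configured with its own security group (security group 1, security group 2, security group 3, security group n
The following uses one of them, named “
Step 1. Create a layer-2 network domain named “Layer-2 Network Domain 1”. For the private network, select the private network under which this layer-2 network domain should be created; here it is to be created under vpn-default, so select the vpn-default private network.
Step 2. Add a security group named “
Step 3. Add an access group named “Access Group 1
Step 4. Under Access Condition Management → Endpoint IP Address Groups, add an endpoint-IP-based
Step 5. In Access Policies, create one named “Layer-2 Network Domain 1 Static IP Policy”, and select “
Step 6. In the BYOD access group, add one named “
After it is created successfully, the result is as follows:
Step 7. Create an account “Static User 1” and bind it to “Access Group 1”.
Step 8. The endpoint, in MAC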
[leaf-GigabitEthernet1/0/1]dis this
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan all
port-isolate enable group 1
qos apply policy zwn inbound
qos apply policy zwn outbound
mac-based ac
dot1x
mac-authentication
mac-authentication carry user-ip
mac-authentication domain h3c
port-security free-vlan 1 3503 to 3504 3506 to 3509 3511 to 3515 4094
#
1. Using one machine with a statically configured IP
[leaf-GigabitEthernet1/0/1]dis mac-au con
Total connections: 1
Slot ID: 1
User MAC address: 0cda-411d-4be6
Access interface: GigabitEthernet1/0/1
Username: 0cda411d4be6
User access state: Successful
Authentication domain: h3c
IPv4 address: 155.0.0.15
Initial VLAN: 101
Authorization untagged VLAN: N/A
Authorization tagged VLAN: N/A
Authorization VSI: vsi3515
Authorization ACL ID: 3001
Authorization user profile: N/A
Authorization CAR: N/A
Authorization URL: http://110.0.5.93:8080/byod?usermac=%m&userip=%c&userurl=%o
Termination action: Default
Session timeout period: 86400 s
Online from: 2013/01/15 00:21:20
Online duration: 0h 0m 30s
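2. The endpoint opens an arbitrary site, 1.1.1.1, and is successfully redirected to the authentication page; after the username and password of “Static User 1” are entered, it comes online successfully: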
[leaf-GigabitEthernet1/0/1]dis mac-au con
Total connections: 1
Slot ID: 1
User MAC address: 0cda-411d-4be6
Access interface: GigabitEthernet1/0/1
Username: 0cda411d4be6
User access state: Successful
Authentication domain: h3c
IPv4 address: 155.0.0.15
Initial VLAN: 101
Authorization untagged VLAN: N/A
Authorization tagged VLAN: N/A
Authorization VSI: vsi3515
Authorization ACL ID: N/A
Authorization user profile: N/A
Authorization CAR: N/A
Authorization URL: N/A
Termination action: Default
Session timeout period: 86400 s
Online from: 2013/01/15 00:28:24
Online duration: 0h 0m 4s
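3. Verify the endpoint-move scenario; before the move it is on access
Later this computer was moved arbitrarily to access
Each leaf
1. Service—
2. On the leaf
4. Finally, checking the deployment result shows that the leaf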
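In the two `dis mac-au con` outputs above, the authorization fields that change across the portal login are Authorization ACL ID and Authorization URL (3001 and the BYOD URL before login, N/A after). The Python below is an added example, not part of the original case or of any H3C tool: it parses that output and reports which sessions are still held at the redirect stage. The function names and state labels are assumptions, and the sample text is constructed from the outputs on this page.

```python
# Constructed sample input: the two outputs on this page, trimmed to the
# fields the check reads (same endpoint before and after portal login).
BEFORE_LOGIN = """\
User MAC address: 0cda-411d-4be6
Access interface: GigabitEthernet1/0/1
User access state: Successful
IPv4 address: 155.0.0.15
Authorization ACL ID: 3001
Authorization URL: http://110.0.5.93:8080/byod?usermac=%m&userip=%c&userurl=%o
"""
AFTER_LOGIN = """\
User MAC address: 0cda-411d-4be6
Access interface: GigabitEthernet1/0/1
User access state: Successful
IPv4 address: 155.0.0.15
Authorization ACL ID: N/A
Authorization URL: N/A
"""

def parse_connections(text):
    """Return one dict per session; a session starts at 'User MAC address'."""
    sessions = []
    for line in text.splitlines():
        key, sep, value = line.partition(":")  # first colon only, so URLs survive
        if not sep:
            continue  # prompts, '#', blank lines
        key, value = key.strip(), value.strip()
        if key == "User MAC address":
            sessions.append({})
        if sessions:
            sessions[-1][key] = value
    return sessions

def classify(session):
    """Assumed state labels: 'redirect-pending', 'full-access', 'not-online'."""
    if session.get("User access state") != "Successful":
        return "not-online"
    held = [f for f in ("Authorization ACL ID", "Authorization URL")
            if session.get(f, "N/A") != "N/A"]
    return "redirect-pending" if held else "full-access"

def audit(text):
    """List (MAC, IPv4, interface, state) for every session in the output."""
    return [(s["User MAC address"], s.get("IPv4 address"),
             s.get("Access interface"), classify(s))
            for s in parse_connections(text)]

if __name__ == "__main__":
    for row in audit(BEFORE_LOGIN) + audit(AFTER_LOGIN):
        print(*row)
```

A session that stays in `redirect-pending` long after coming online is an endpoint that passed MAC authentication but never completed the portal login.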