无线mac认证是常用的一种认证方式,本文实现无线AC结合imc V7版本实现mac认证。
iPhone-------AP(WA4620i)---WX5540E-------iMC
一.设备配置:
AC:
port-security enable
#
mac-authentication domain mac
mac-authentication user-name-format mac-address with-hyphen
#
vlan 1
#
vlan 2
#
vlan 10
#
vlan 15
radius scheme mac
primary authentication 192.168.10.12 key cipher $c$3$ADt27frWPmly049j2WUrLC7fzPPeWA==
primary accounting 192.168.10.12 key cipher $c$3$6ag2AXBg88/WD0Zt/Hw3Wy5UaWoO5Q==
nas-ip 192.168.2.1
domain mac
authentication lan-access radius-scheme mac
authorization lan-access radius-scheme mac
accounting lan-access radius-scheme mac
access-limit disable
state active
idle-cut disable
self-service-url disable
#
dhcp server ip-pool mactest
network 192.168.15.0 mask 255.255.255.0
gateway-list 192.168.15.1
dns-list 192.168.15.1
wlan service-template 4 clear
ssid mactest
bind WLAN-ESS 5
service-template enable
#
interface Vlan-interface2
ip address 192.168.2.1 255.255.255.0
portal server portal method direct
portal domain portal
portal nas-ip 192.168.14.31
portal mac-trigger enable
#
interface Vlan-interface15
ip address 192.168.15.1 255.255.255.0
#
interface Vlan-interface1000
#
interface M-GigabitEthernet1/0/0
ip address 192.168.14.31 255.255.248.0
#
interface WLAN-ESS5
port access vlan 15
port-security port-mode mac-authentication
mac-authentication domain mac
#
wlan ap ap1 model WA4620i-ACN id 3
serial-id 210235A1BRC145000105
client idle-timeout 900
radio 1
service-template 4
service-template 22
radio enable
radio 2
service-template 4
service-template 22
radio enable
#
ip route-static 10.0.0.0 255.0.0.0 192.168.8.1
#
dhcp enable
#
增加接入设备
增加服务策略
配置接入服务绑定此接入策略
配置接入用户,绑定接入服务
配置完之后客户端就可以上线
注意:imc服务器上的防火墙需要关闭,否则防火墙开启将会阻止ac发过来的radius报文,导致认证失败。
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作