最佳答案
v5无线AC配置本地1x认证配置:
1、AC需要导入证书
[H3C]pki domain 520
[WX5540E]pki import-certificate ca domain 520 pem filename 2003_server.cer
The trusted CA's finger print is:
MD5 fingerprint:7EFC 890E 3E04 543F 940A E5FF C79A EAD9
SHA1 fingerprint:AD8F 99DC CBBE 768E 69CE C10B 8C90 1A27 51BC FBA5
Is the finger print correct?(Y/N):y
Import CA certificate successfully.
[WX5540E]pki import-certificate local domain 520 p12 filename 2003_local.pfx
Please input challenge password:1 //删除证书public-key local destroy rsa
Import local certificate successfully.
Import key pair successfully.
#使能端口安全
port-security enable
#配置EAP
dot1x authentication-method eap
#
#创建PKI
pki entity 520
common-name 520
organization 520
#创建PKI
pki domain 520
certificate request from ca
certificate request entity 520
crl check disable
domain 522
authentication lan-access local
authorization lan-access local
accounting lan-access local
access-limit disable
state active
idle-cut disable
self-service-url disable
wlan service-template 105 crypto
ssid 1x-bendi
bind WLAN-ESS 105
cipher-suite tkip
security-ie wpa //配置在AP
service-template enable
#
ssl server-policy 520 //配置SSL
pki-domain 520 //调用PKI认证域520
ciphersuite rsa_rc4_128_sha
handshake timeout 180
close-mode wait
session cachesize 1000
#
#创建配置EAP
eap-profile 520
ssl-server-policy 520 //调用SSL服务策略
method peap-mschapv2 //配置EAP认证方法
#
interface WLAN-ESS105
port access vlan 12 //配置用户VLAN12
port-security port-mode userlogin-secure-ext //配置端口安全模式为userlogin-secureExt
port-security tx-key-type 11key //使能11KEY
undo dot1x handshake //关闭802.1x
dot1x mandatory-domain 522
#
wlan ap room2 model WA2620i-AGN id 1
serial-id 219801A0CMC146000765
radio 1
service-template 105
radio enable
radio 2
channel 6
service-template 105
bandwidth-guarantee enable
radio enable
#本地dot1x
local-server authentication eap-profile 520
local-user wlan //创建本地认证用户
password cipher $c$3$1gbICZB/srvSuh6DkJ7kPwoKauZibeY=
service-type lan-access
(0)
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
抄袭了我的内容
×
原文链接或出处
诽谤我
×
对根叔社区有害的内容
×
不规范转载
×
举报说明
暂无评论