AAA for portal users by a RADIUS server, Network requirements – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
[AC] telnet server enable
# Assign the IP address 10.1.1.2/24 to interface VLAN-interface 2, through which Telnet users access the AC.
[AC] interface Vlan-interface2
[AC-Vlan-interface2] ip address 10.1.1.2 24
[AC-Vlan-interface2] quit
# Configure the AC to use AAA for Telnet users.
[AC] user-interface vty 0 4
[AC-ui-vty0-4] authentication-mode scheme
[AC-ui-vty0-4] quit
# Specify the system predefined ISP domain system as the default ISP domain.
[AC] domain default enable system
# Configure an LDAP scheme.
[AC] ldap scheme ldap1
# Specify the IP address of the LDAP authentication server.
[AC-ldap-ldap1] authentication-server 10.1.1.1
# Specify the administrator DN.
[AC-ldap-ldap1] login-dn cn=administrator,cn=users,dc=ldap,dc=com
# Specify the administrator password.
[AC-ldap-ldap1] login-password simple admin!123456
# Configure the base DN for user search.
[AC-ldap-ldap1] user-parameters search-base-dn dc=ldap,dc=com
[AC-ldap-ldap1] quit
# Configure an authentication method for login users or configure the default authentication method for all types of users.
• To configure an authentication method for login users:
[AC] domain system
[AC-isp-system] authentication login ldap-scheme ldap1
[AC-isp-system] quit
• To configure the default authentication method for all types of users:
[AC] domain system
[AC-isp-system] authentication default ldap-scheme ldap1
3. Verify the configuration
Telnet to the AC and enter the username aaa and password ldap!123456. You pass authentication as a user in domain system, and log in to the AC.
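An added example, not from the H3C manual: a small Python check that reads a session transcript in the prompt format used above and flags the two places where this procedure handles credentials in cleartext, the Telnet service and the `login-password simple` line, and masks the password before the transcript is shared. The function names and the sample transcript are constructed for illustration, and the prompt parser assumes a device name without hyphens.

```python
import re

# Constructed sample: commands from the procedure above, as typed at the AC prompt.
SAMPLE_SESSION = """\
[AC] telnet server enable
[AC] user-interface vty 0 4
[AC-ui-vty0-4] authentication-mode scheme
[AC-ui-vty0-4] quit
[AC] ldap scheme ldap1
[AC-ldap-ldap1] authentication-server 10.1.1.1
[AC-ldap-ldap1] login-dn cn=administrator,cn=users,dc=ldap,dc=com
[AC-ldap-ldap1] login-password simple admin!123456
[AC-ldap-ldap1] quit
"""

# "[AC-ldap-ldap1] cmd" -> view "ldap-ldap1"; "[AC] cmd" -> no view (system view).
# Assumption: the device name itself contains no hyphen.
PROMPT = re.compile(r"^\[(?P<host>[^\]-]+)(?:-(?P<view>[^\]]+))?\]\s*(?P<cmd>.+)$")


def audit_session(text):
    """Return (line_no, view, finding) tuples for cleartext-credential risks."""
    findings = []
    for no, raw in enumerate(text.splitlines(), 1):
        m = PROMPT.match(raw.strip())
        if not m:  # "# ..." comment lines and blank lines carry no command
            continue
        view = m.group("view") or "system"
        cmd = m.group("cmd").strip()
        if cmd == "telnet server enable":
            findings.append((no, view,
                "Telnet enabled: login credentials cross the network unencrypted"))
        elif view.startswith("ldap-") and cmd.startswith("login-password simple "):
            findings.append((no, view,
                "LDAP administrator password given in plaintext (value not echoed)"))
    return findings


def redact(text):
    """Mask the secret after 'login-password simple' before sharing a transcript."""
    return re.sub(r"(login-password simple )\S+", r"\1<redacted>", text)


if __name__ == "__main__":
    for no, view, msg in audit_session(SAMPLE_SESSION):
        print(f"line {no} [{view}]: {msg}")
    print(redact(SAMPLE_SESSION))
```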
AAA for portal users by a RADIUS server
Network requirements
As shown in
, a wireless client accesses the AC through an AP, and a host functions as both the
RADIUS authentication/accounting server and the portal server. Complete the following tasks:
• Assign the wireless client a public network IP address or configure the client to automatically obtain one through DHCP.