Configuring a nas id-vlan binding – H3C Technologies H3C WX3000E Series Wireless Switches User Manual


Protected Extensible Authentication Protocol-Microsoft Challenge Handshake Authentication Protocol v2 (PEAP-MSCHAPv2)

Transport Layer Security (TLS)

The device supports these user information query mechanisms: local query, LDAP query, and LDAP query plus local query. With the last mechanism, local query is used when the LDAP server is not reachable, the specified LDAP scheme does not exist, or the LDAP server does not support the query.

2. Configure the local authentication server to use the EAP profile

To configure the local EAP authentication server:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Create an EAP profile and enter EAP profile view.
    Command: eap-profile profile-name
    Remarks: N/A

Step 3. Specify the EAP authentication method.
    Command: method { md5 | peap-gtc | peap-mschapv2 | tls }
    Remarks: By default, no EAP authentication method is specified for an EAP profile. To configure multiple EAP authentication methods, repeat this step. A method configured earlier has a higher priority. PEAP-GTC and PEAP-MSCHAPv2 are mutually exclusive.

Step 4. Specify the user credential verification approach for local EAP authentication.
    Command: user-credentials { ldap-scheme ldap-scheme-name [ local ] | local }
    Remarks: Optional. By default, the local user database is used for user credential verification.

Step 5. Specify the SSL server policy for EAP authentication.
    Command: ssl-server-policy policy-name
    Remarks: Required when the EAP authentication method of PEAP-GTC, PEAP-MSCHAPv2, or TLS is configured. By default, no SSL server policy is specified for an EAP profile.

Step 6. Return to system view.
    Command: quit
    Remarks: N/A

Step 7. Specify the EAP profile for the local authentication server.
    Command: local-server authentication eap-profile profile-name
    Remarks: N/A

NOTE:

You cannot modify or remove an EAP profile that is referenced by the local authentication server.

For more information about SSL server policy configuration, see "Configuring SSL."
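
The following Python check is an added example, not part of the H3C manual: it reviews a planned command sequence against the constraints in the Remarks above (PEAP-GTC and PEAP-MSCHAPv2 are mutually exclusive, an SSL server policy is required for PEAP-GTC, PEAP-MSCHAPv2, and TLS, and the local server must reference a defined profile). It assumes one command per line, written as in the table; the profile, LDAP scheme, and policy names are hypothetical.

```python
import re

NEEDS_SSL_POLICY = {"peap-gtc", "peap-mschapv2", "tls"}  # per the step 5 remarks

def parse_profiles(config):
    """Return ({profile_name: settings}, profile referenced by local-server)."""
    profiles, current, referenced = {}, None, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.fullmatch(r"eap-profile (\S+)", line):
            current = profiles.setdefault(
                m.group(1), {"methods": [], "ssl_policy": None, "credentials": "local"})
        elif m := re.fullmatch(r"local-server authentication eap-profile (\S+)", line):
            referenced, current = m.group(1), None
        elif line == "quit":
            current = None
        elif current is not None:
            if m := re.fullmatch(r"method (\S+)", line):
                current["methods"].append(m.group(1))  # earlier = higher priority
            elif m := re.fullmatch(r"ssl-server-policy (\S+)", line):
                current["ssl_policy"] = m.group(1)
            elif m := re.fullmatch(r"user-credentials (.+)", line):
                current["credentials"] = m.group(1)
    return profiles, referenced

def lint(config):
    """List violations of the constraints stated in the Remarks."""
    profiles, referenced = parse_profiles(config)
    issues = []
    for name, p in profiles.items():
        methods = set(p["methods"])
        if {"peap-gtc", "peap-mschapv2"} <= methods:
            issues.append(f"{name}: peap-gtc and peap-mschapv2 are mutually exclusive")
        needs = sorted(methods & NEEDS_SSL_POLICY)
        if needs and p["ssl_policy"] is None:
            issues.append(f"{name}: ssl-server-policy required for {needs}")
    if referenced is not None and referenced not in profiles:
        issues.append(f"local-server references undefined eap-profile {referenced}")
    return issues

# Constructed sample input; it omits ssl-server-policy on purpose.
SAMPLE = """\
eap-profile corp
 method peap-mschapv2
 method tls
 user-credentials ldap-scheme corp-ldap local
quit
local-server authentication eap-profile corp
"""
```

Running `lint(SAMPLE)` reports the missing SSL server policy for the `corp` profile; adding an `ssl-server-policy` line inside the profile clears it.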

Configuring a NAS ID-VLAN binding

The access locations of users can be identified by their access VLANs. In application scenarios where users' access locations must be identified, configure NAS ID-VLAN bindings on the access device. Then, when a user gets online, the access device obtains the NAS ID bound to the user's access VLAN and sends that NAS ID to the RADIUS server in the NAS-identifier attribute.
