Configuring a nas id-vlan binding – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 70
56
•
Protected Extensible Authentication Protocol-Microsoft Challenge Handshake Authentication
Protocol v2 (PEAP-MSCHAPv2)
•
Transport Layer Security (TLS)
The device supports these user information query mechanisms: local query, LDAP query, and LDAP query
plus local query. With the last mechanism, local query is used when the LDAP server is not reachable, the
specified LDAP scheme does not exist, or the LDAP server does not support the query.
2.
Configure the local authentication server to use the EAP profile
To configure the local EAP authentication server:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Create an EAP profile and
enter EAP profile view.
eap-profile profile-name N/A
3.
Specify the EAP
authentication method.
method { md5 | peap-gtc |
peap-mschapv2 | tls }
By default, no EAP authentication
method is specified for an EAP
profile.
To configure multiple EAP
authentication methods, repeat this
step. A method configured earlier
has a higher priority.
PEAP-GTC and PEAP-MSCHAPv2
are mutually exclusive.
4.
Specify the user credential
verification approach for local
EAP authentication.
user-credentials { ldap-scheme
ldap-scheme-name [ local ] | local }
Optional.
By default, the local user database
is used for user credential
verification.
5.
Specify the SSL server policy
for EAP authentication.
ssl-server-policy policy-name
Required when the EAP
authentication method of
PEAP-GTC, PEAP-MSCHAPv2, or
TLS is configured.
By default, no SSL server policy is
specified for an EAP profile.
6.
Return to system view.
quit
N/A
7.
Specify the EAP profile for the
local authentication server.
local-server authentication
eap-profile profile-name
N/A
NOTE:
•
You cannot modify or remove an EAP profile that is referenced by the local authentication server.
•
For more information about SSL server policy configuration, see "Configuring SSL."
Configuring a NAS ID-VLAN binding
The access locations of users can be identified by their access VLANs. In application scenarios where it
is required to identify the access locations of users, configure NAS ID-VLAN bindings on the access
device. Then, when a user gets online, the access device obtains the NAS ID by the access VLAN of the
user and sends the NAS ID to the RADIUS server through the NAS-identifier attribute.