1. How to configure a switch
As follows:
Basic configuration of a Huawei switch: connect over the console cable, configure AAA authentication and telnet access. Huawei's eNSP software is used here to simulate it.
Tools/materials: Huawei S1724G, eNSP simulator.
Method:
1. Take the new Huawei switch and connect to it with the console cable, using the default terminal settings to enter the CLI and start the configuration. The console connection is shown in the figure below.
2. AAA authentication configuration on an H3C S3600 switch
1. For a switch it is best not to configure authentication on the console. If something goes wrong (for example a mistaken setting), you would not be able to get in through the console, so it is best to configure a local user.
2. Configuring tacacs is enough. There is no need to configure radius (radius still cannot authorize individual commands); tacacs can fully authorize users, levels (exec) and commands (command).
Here is a configuration for your reference (Huawei). In my configuration, the console port does not go to the aaa server.
domain mydepart
scheme hwtacacs-scheme mydepart local
vlan-assignment-mode integer
access-limit disable
state active
idle-cut disable
self-service-url disable
hwtacacs scheme mydepart
primary authentication 192.168.1.2
secondary authentication 192.168.1.3
primary authorization 192.168.1.2
secondary authorization 192.168.1.3
primary accounting 192.168.1.2
secondary accounting 192.168.1.3
key authentication mykey
key authorization mykey
key accounting mykey
user-name-format without-domain
local-user myuser
#
super password level 3 cipher sdfsdfgsdfs
#
hwtacacs nas-ip 192.168.1.1
user-interface vty 0 4
acl 2000 inbound
authentication-mode scheme command-authorization
user privilege level 3
idle-timeout 5 0
protocol inbound telnet
user-interface con 0
authentication-mode password
set authentication password cipher sdfsdfsdfwer
idle-timeout 5 0
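The points made in the answer above (keep a local user so the console still works, send VTY logins to the TACACS scheme with command authorization, limit management access with an ACL) can be checked mechanically. The following is an added example, not code from the original post: a small Python audit for a Comware-style H3C/Huawei configuration. It assumes the text looks like `display current-configuration` output (block headers at column 0, child commands indented, `#` as separator); the two sample configurations are constructed for the example.

```python
# Added example (not from the original post): audit a Comware-style H3C/Huawei config
# for the AAA points made above. Assumes 'display current-configuration' layout:
# block header at column 0, child commands indented one space, '#' ends a block.
def parse_blocks(config):
    """Return (header, [child commands]) for each block of the config text."""
    blocks = []
    for line in config.splitlines():
        if line.startswith(" ") and blocks:
            blocks[-1][1].append(line.strip())
        elif line.strip() and line.strip() != "#":   # '#' is only a separator
            blocks.append((line.strip(), []))
    return blocks
def audit_aaa(config):
    """Check: console requires a login, a local fallback user exists, VTY lines use
    an AAA scheme with command authorization and carry an inbound ACL."""
    blocks, findings = parse_blocks(config), []
    if not any(h.startswith("local-user ") for h, _ in blocks):
        findings.append("no local-user: nothing to fall back on when the AAA server is down")
    for header, children in blocks:
        if not header.startswith("user-interface "):
            continue
        mode = next((c for c in children if c.startswith("authentication-mode")), "")
        if not mode or mode.endswith(" none"):
            findings.append(f"{header}: no login authentication configured")
        if " vty " in header:                         # remote (telnet/ssh) lines
            if "scheme" not in mode:
                findings.append(f"{header}: not using an AAA scheme")
            elif "command-authorization" not in mode:
                findings.append(f"{header}: scheme without command-authorization")
            if not any(c.startswith("acl ") and c.endswith(" inbound") for c in children):
                findings.append(f"{header}: no inbound ACL limiting management access")
    return findings
# Constructed sample configs: one following the advice above, one with the gaps.
HARDENED = """domain mydepart
 scheme hwtacacs-scheme mydepart local
local-user myuser
user-interface con 0
 authentication-mode password
user-interface vty 0 4
 acl 2000 inbound
 authentication-mode scheme command-authorization
"""
WEAK = """user-interface con 0
 authentication-mode none
user-interface vty 0 4
 authentication-mode scheme
"""
```

`audit_aaa(HARDENED)` returns an empty list, while `audit_aaa(WEAK)` reports the missing local user, the unauthenticated console, the VTY scheme without command authorization and the missing ACL.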
3. What is aaa authentication on a Huawei switch?
AAA normally uses a "client-server" structure. This structure scales well and also makes it convenient to manage user information centrally. Authentication:
No authentication: the user is fully trusted and no validity check is performed; this method is generally not used.
Local authentication: user information is configured on the network access server. Its advantages are speed and lower operating cost; its disadvantage is that the amount of information that can be stored is limited by the device's hardware.
Remote authentication: user information is configured on an authentication server. Remote authentication is supported through the RADIUS (Remote Authentication Dial In User Service) protocol or the HWTACACS (HuaWei Terminal Access Controller Access Control System) protocol.
Authorization:
AAA supports the following authorization methods:
No authorization: no authorization processing is performed for the user.
Local authorization: authorization is based on the attributes configured for the local user account on the network access server.
HWTACACS authorization: the HWTACACS server authorizes the user.
if-authenticated authorization: if the user has passed authentication, and the authentication mode used was local or remote authentication, the user is authorized.
Authorization after successful RADIUS authentication: in the RADIUS protocol, authentication and authorization are bound together, so RADIUS cannot be used for authorization on its own.
Accounting:
AAA supports the following accounting methods:
No accounting: the user is not accounted.
Remote accounting: remote accounting is supported through a RADIUS server or an HWTACACS server.
II. The RADIUS protocol
Remote Authentication Dial-In User Service (RADIUS) is a distributed, client/server information exchange protocol that protects a network from unauthorized access. It is commonly used in network environments that require a high level of security while still allowing remote user access. The protocol defines the UDP-based RADIUS frame format and its message transport mechanism, and assigns UDP ports 1812 and 1813 as the authentication and accounting ports respectively.
RADIUS was originally an AAA protocol only for dial-up users. As user access methods diversified, RADIUS was adapted to many access methods, such as Ethernet access and ADSL access. It provides access service through authentication and authorization, and collects and records users' use of network resources through accounting.
RADIUS server
RA
4. Testing a 10-gigabit switch
To evaluate a 10-gigabit switch, first test whether it can reach line-rate forwarding throughput while observing end-to-end transmission latency. A good 10-gigabit switch should forward packets at line rate without blocking even with key applications loaded (such as multicast, IPv6, and large access control lists), while keeping end-to-end latency as low as possible. Second, evaluating a 10-gigabit switch also requires testing key protocols, such as BGP4 capacity, route convergence and route flapping, as well as testing its defences against attacks and the key features of its traffic management. Redundancy testing is also very important; redundancy covers both the hardware system and the software features. In short, choosing a 10-gigabit Ethernet switch is not just a choice of a few individual functions, but a system-level choice based on a comprehensive evaluation.