简单的交换机3a认证的测试方法

1. 浜ゆ崲链烘庝箞閰岖疆

濡备笅锛

鍗庝负浜ゆ崲链哄熀纭淇℃伅閰岖疆锛屼娇鐢╟onsole绾胯繛鎺ラ厤缃瓵AA璁よ瘉浠ュ强telnet閰岖疆锛岃繖閲屼娇鐢ㄥ崕涓篹NSP杞浠舵潵妯℃嫙銆

宸ュ叿锛忓师鏂欙细鍗庝负S1724G銆乪NSP妯℃嫙鍣ㄣ

鏂规硶锛

1銆佹嬁鍒版柊镄勫崕涓轰氦鎹㈡満浣跨敤console绾垮规帴杩炴帴浜ゆ崲链猴纴璁剧疆榛樿よ皟璇曢戞佃繘琛岄厤缃銆俢onsole濡备笅锲俱

2. H3C S3600浜ゆ崲链篈AA璁よ瘉閰岖疆

1.瀵逛簬浜ゆ崲链猴纴链濂絚onsole涓嶈侀厤缃璁よ瘉锛屼竾涓鍑虹幇闂棰桡纸濡备汉涓鸿剧疆阌栾绛夛级锛屼綘console镞犳硶杩涘幓锛屾渶濂介厤缃涓链鍦扮敤鎴枫
2.閰岖疆tacacs灏卞彲浠ヤ简銆傛病蹇呰侀厤缃畆adius(radius杩树笉鑳藉瑰懡浠よ繘琛岄壌𨱒)锛宼acacs锛屽畬鍏ㄥ彲浠ュ圭敤鎴枫佺瓑绾э纸exec锛夈佸懡浠わ纸command锛夎繘琛屾巿𨱒冦
缁欎釜閰岖疆缁欎綘鍙傝冿纸鍗庝负锛夛纴鎴戣繖閰岖疆锛屽逛簬console鍙ｆ槸娌℃湁铡籥aa链嶅姟鍣ㄧ殑銆

domain mydepart
scheme hwtacacs-scheme mydepart local
vlan-assignment-mode integer
access-limit disable
state active
idle-cut disable
self-service-url disable

hwtacacs scheme mydepart
primary authentication 192.168.1.2
secondary authentication 192.168.1.3
primary authorization 192.168.1.2
secondary authorization 192.168.1.3
primary accounting 192.168.1.2
secondary accounting 192.168.1.3
key authentication mykey
key authorization mykey
key accounting mykey
user-name-format without-domain

local-user myuser

#
super password level 3 cipher sdfsdfgsdfs
#
hwtacacs nas-ip 192.168.1.1

user-interface vty 0 4
acl 2000 inbound
authentication-mode scheme command-authorization
user privilege level 3
idle-timeout 5 0
protocol inbound telnet

user-interface con 0
authentication-mode password
set authentication password cipher sdfsdfsdfwer
idle-timeout 5 0

3. 鍗庝负浜ゆ崲链篴aa 璁よ瘉鏄浠涔堬纻

AAA 阃氩父閲囩敤钬滃㈡埛绔钬旀湇锷″櫒钬濈粨鏋勚傝繖绉岖粨鏋勬棦鍏锋湁镩濂界殑鍙镓╁𪾢镐э纴鍙堜究浜庨泦涓绠＄悊鐢ㄦ埛淇℃伅銆傝よ瘉锛
     涓嶈よ瘉锛氩圭敤鎴烽潪甯镐俊浠伙纴涓嶅瑰叾杩涜屽悎娉曟镆ワ纴涓鑸𨱍呭喌涓嬩笉閲囩敤杩欑嶆柟寮忋 
     链鍦拌よ瘉锛氩皢鐢ㄦ埛淇℃伅閰岖疆鍦ㄧ绣缁沧帴鍏ユ湇锷″櫒涓娿傛湰鍦拌よ瘉镄勪紭镣规槸阃熷害蹇锛屽彲浠ヤ负杩愯惀闄 浣庢垚链锛岀己镣规槸瀛桦偍淇℃伅閲忓弹璁惧囩‖浠舵浔浠堕檺鍒躲 
     杩灭璁よ瘉锛氩皢鐢ㄦ埛淇℃伅閰岖疆鍦ㄨよ瘉链嶅姟鍣ㄤ笂銆傛敮鎸侀氲繃 RADIUS锛圧emote Authentication Dial In User Service锛夊岗璁鎴 HWTACACS锛圚uaWei Terminal Access Controller Access Control System锛夊岗璁杩涜岃繙绔璁よ瘉銆 
鎺堟潈锛
銆 AAA 鏀鎸佷互涓嬫巿𨱒冩柟寮忥细 
    涓嶆巿𨱒冿细涓嶅圭敤鎴疯繘琛屾巿𨱒冨勭悊銆 
    链鍦版巿𨱒冿细镙规嵁缃戠粶鎺ュ叆链嶅姟鍣ㄤ负链鍦扮敤鎴疯处鍙烽厤缃镄勭浉鍏冲睘镐ц繘琛屾巿𨱒冦 
     HWTACACS 鎺堟潈锛氱敱 HWTACACS 链嶅姟鍣ㄥ圭敤鎴疯繘琛屾巿𨱒冦 
 if-authenticated 鎺堟潈锛氩傛灉鐢ㄦ埛阃氲繃浜呜よ瘉锛岃屼笖浣跨敤镄勮よ瘉妯″纺鏄链鍦版垨杩灭璁よ瘉锛屽垯鐢ㄦ埛 鎺堟潈阃氲繃銆 
     RADIUS 璁よ瘉鎴愬姛钖庢巿𨱒冿细RADIUS 鍗忚镄勮よ瘉鍜屾巿𨱒冩槸缁戝畾鍦ㄤ竴璧风殑锛屼笉鑳藉崟镫浣跨敤 RADIUS 杩涜屾巿𨱒冦
璁¤垂锛
     AAA 鏀鎸佷互涓嬭¤垂鏂瑰纺锛 
     涓嶈¤垂锛氢笉瀵圭敤鎴疯¤垂銆 
     杩灭璁¤垂锛氭敮鎸侀氲繃 RADIUS 链嶅姟鍣ㄦ垨 HWTACACS 链嶅姟鍣ㄨ繘琛岃繙绔璁¤垂銆
浜屻丷ADIUS鍗忚
杩灭▼璁よ瘉𨰾ㄥ彿鐢ㄦ埛链嶅姟 RADIUS锛圧emote Authentication Dial-In User Service锛夋槸涓绉嶅垎甯冨纺镄勚佸 鎴风/链嶅姟鍣ㄧ粨鏋勭殑淇℃伅浜や簰鍗忚锛岃兘淇濇姢缃戠粶涓嶅弹链鎺堟潈璁块梾镄勫共镓帮纴甯稿簲鐢ㄥ湪镞㈣佹眰杈冮珮瀹夊叏 镐с佸张鍏佽歌繙绋嬬敤鎴疯块梾镄勫悇绉岖绣缁灭幆澧冧腑銆傝ュ岗璁瀹氢箟浜嗗熀浜 UDP 镄 RADIUS 甯ф牸寮忓强鍏舵秷鎭 浼犺緭链哄埗锛屽苟瑙勫畾 UDP 绔鍙 1812銆1813 鍒嗗埆浣滀负璁よ瘉銆佽¤垂绔鍙ｃ
RADIUS 链鍒濅粎鏄阍埚规嫧鍙风敤鎴风殑 AAA 鍗忚锛屽悗𨱒ラ殢镌鐢ㄦ埛鎺ュ叆鏂瑰纺镄勫氭牱鍖栧彂灞曪纴RADIUS 涔 阃傚簲澶氱岖敤鎴锋帴鍏ユ柟寮忥纴濡浠ュお缃鎺ュ叆銆丄DSL 鎺ュ叆銆傚畠阃氲繃璁よ瘉鎺堟潈𨱒ユ彁渚涙帴鍏ユ湇锷★纴阃氲繃璁¤垂 𨱒ユ敹闆嗐佽板綍鐢ㄦ埛瀵圭绣缁滆祫婧愮殑浣跨敤銆
RADIUS链嶅姟鍣
RA

4. 涓囧厗浜ゆ崲链虹殑娴嬭瘯

琛￠噺涓鍙颁竾鍏嗕氦鎹㈡満锛岄栧厛鏄娴嬭瘯瀹冩槸钖﹁兘澶熻揪鍒扮嚎阃熻浆鍙戠殑钖炲悙閲忥纴钖屾椂瑙傚疗绔鍒扮镄勪紶杈揿欢杩燂纴涓鍙颁紭绉镄勪竾鍏嗕氦鎹㈡満搴旇ヨ兘澶熷湪锷犺浇鍏抽敭搴旂敤镄勫墠鎻愪笅(濡傜粍鎾搴旂敤銆両Pv6 搴旂敤銆佸ぇ瀹归噺璁块梾鍒楄〃鎺у埗)锛岀嚎阃熸棤阒诲炲湴杞鍙戞暟鎹鍖咃纴骞朵笖淇濊瘉绔鍒扮镄勬暟鎹寤惰繜灏藉彲鑳藉湴灏忋傚叾娆★纴琛￠噺涓囧厗浜ゆ崲链鸿缮闇阃氲繃娴嬭瘯鍏抽敭鍗忚锛屽侭GP4镄勫归噺銆佽矾鐢辨敹鏁涘拰璺鐢遍渿钻℃潵妫楠岋纴娴嬭瘯阍埚规敾鍑荤殑阒茶寖鐗规с佹祴璇曟祦閲忕＄悊镄勫叧阌鐗规с傚啑浣欐х殑娴嬭瘯涔熼潪甯搁吨瑕侊纴鍐椾綑镐у寘钖纭浠剁郴缁熺殑鍐椾綑镐у拰杞浠剁壒镐х殑鍐椾綑镐с傚彲浠ヨ达纴阃夋嫨涓囧厗浠ュお缃戜氦鎹㈡満涓崭粎浠呮槸鍑犱釜鍗曢”锷熻兘镄勯夋嫨锛屾洿鏄涓椤瑰叏闱㈣瘎浼扮殑绯荤粺阃夋嫨