HPE IMC UAM 802.1X Authentication Configuration Examples


Part Number: 5200-1365
Software version: IMC UAM 7.2 (E0403)
Document version: 2

The information in this document is subject to change without notice.
Copyright 2016 Hewlett Packard Enterprise Development LP

Contents

Introduction
Prerequisites
Example: Configuring common 802.1X authentication
  Network configuration
  Software versions used
  Configuring UAM
    Configuring the switch as an access device
    Configuring an access policy
    Configuring an access service
    Configuring an access user
  Configuring the access device
  Configuring the iNode client
  Verifying the configuration
    Triggering 802.1X authentication
    Viewing online users in UAM

Introduction

This document provides examples for configuring common 802.1X authentication. Common 802.1X authentication only identifies users. It is applicable to enterprise or campus networks that do not have special requirements for access control or security checking.

Prerequisites

The access device must support 802.1X.

Example: Configuring common 802.1X authentication

Network configuration

As shown in Figure 1, internal users must pass 802.1X authentication to access the Internet. The users' PCs run the Windows 7 operating system. The built-in 802.1X client of Windows 7 and the iNode client are both available. The switch uses the IMC UAM server to provide authentication services for internal users. The internal network does not have special requirements for user access control or security checking.

Figure 1 Network diagram

Software versions used

This configuration example was created and verified on the following platforms:

- IMC UAM 7.2 (E0403)
- H3C S3600V2-28TP-EI Comware Software, Version 5.20, Release 2103
- iNode PC 7.2 (E0403)

Configuring UAM

Configuring the switch as an access device

1. Click the User tab.
2. From the navigation tree, select User Access Policy > Access Device Management > Access Device.
   The Access Device page opens, as shown in Figure 2.

   Figure 2 Accessing the access device list

3. Click Add on top of the access device list.
   The Add Access Device page opens, as shown in Figure 3.

   Figure 3 Adding an access device

4. Add the switch to UAM as an access device.

   You can add a device to UAM either manually or by selecting the device from the IMC platform. This example uses the Add Manually option.

   To add an access device manually:

   a. Click Add Manually.
      The Add Access Device Manually page opens.
   b. Enter 192.168.30.100 in the Device IP field, as shown in Figure 4.
      If the nas ip command is configured on the device, enter the NAS IP address in the Device IP field. If the command is not configured, enter the IP address or VLAN interface address for the interface connected to UAM in the Device IP field.

      Figure 4 Specifying the IP address of the access device

   c. Click OK to return to the Add Access Device page.

5. Configure access information for the access device, as shown in Figure 5:

   a. Enter the authentication port number in the Authentication Port field, and enter the accounting port number in the Accounting Port field. Make sure the values are the same as the port numbers configured on the access device. This example uses the default authentication and accounting port numbers 1812 and 1813, respectively.

      IMPORTANT: Use UAM for authentication and accounting at the same time. If you use UAM for authentication, you must use it for accounting.

   b. Select LAN Access Service from the Service Type list.
   c. Select H3C (General) from the Access Device Type list.
   d. Enter movie in the Shared Key and Confirm Shared Key fields. Make sure the shared key is the same as the shared key configured on the access device. If a plain text shared key is configured on the access device, the Confirm Shared Key field is not available.
   e. Use the default values for other parameters.

   Figure 5 Configuring the access device

6. Click OK.
7. On the Result of Adding Access Devices page, click Back to Access Device List.
   The new access device is displayed in the access device list, as shown in Figure 6.

   Figure 6 Viewing the new access device

Configuring an access policy

1. Click the User tab.
2. From the navigation tree, select User Access Policy > Access Policy.
   The Access Policy page opens, as shown in Figure 7.

   Figure 7 Accessing the access policy list

3. Click Add on top of the access policy list.
   The Add Access Policy page opens.
4. Configure access policy parameters, as shown in Figure 8:

   a. Enter Access Permit in the Access Policy Name field.
   b. Use the default values for other parameters.

   Figure 8 Adding an access policy

5. Click OK.
   The new access policy is displayed in the access policy list, as shown in Figure 9.

   Figure 9 Viewing the new access policy

Configuring an access service

1. Click the User tab.
2. From the navigation tree, select User Access Policy > Access Service.
3. Click Add on top of the access service list, as shown in Figure 10.
   The Add Access Service page opens.

   Figure 10 Accessing the access service list

4. Configure basic information for the access service, as shown in Figure 11:

   a. Enter 802.1X Service in the Service Name field. The name must be unique in UAM.
   b. Enter 391 in the Service Suffix field.
      In this example, the user-name-format with-domain command is configured on the access device to include domain information in usernames. Therefore, you must configure the service suffix.
      For authentication to be performed correctly, the username specified on the client, the domain and RADIUS scheme configuration on the access device, and the service suffix on the UAM server must comply with the correlation rules shown in Table 1.

      Table 1 Parameter correlation

      | Username format on the client | Domain on the access device | Username format configured on the access device | Service suffix on UAM |
      |---|---|---|---|
      | X@Y | Y | with-domain | Y |
      | X@Y | Y | without-domain | No suffix |
      | X | Default domain (the default domain specified on the access device) | with-domain | Name of the default domain |
      | X | Default domain (the default domain specified on the access device) | without-domain | No suffix |

   c. Select Access Permit from the Default Access Policy list.
   d. Use the default values for other parameters.

   Figure 11 Configuring the access service

5. Click OK.
   The new access service is displayed in the access service list, as shown in Figure 12.

   Figure 12 Viewing the new access service

Configuring an access user

1. Click the User tab.
2. From the navigation tree, select Access User > All Access Users.
   The All Access Users page opens, as shown in Figure 13.

   Figure 13 Accessing the access user list

3. On the access user list, click Add.

   The Add Access User page opens.
4. Configure the basic parameters for the access user, as shown in Figure 14:

   a. In the User Name field, configure an IMC platform user to be associated with the access user.
      You can either select an existing user account from the IMC platform or add a new IMC platform user. This example uses the Add User option. On the Add User page, enter wbing in the User Name field, enter 0128 in the Identity Number field, and click OK.
   b. Enter ice in the Account Name field.
   c. Enter imc123 in the Password and Confirm Password fields.
   d. Select 802.1X Service in the Access Service list.
   e. Use the default values for other parameters.

   Figure 14 Configuring an access user

5. Click OK.
   The new access user is displayed in the access user list, as shown in Figure 15.

   Figure 15 Viewing the new access user

Configuring the access device

The access device controls user access to the network. Only users who pass 802.1X authentication can access the network.

To configure the access device at the CLI, perform the following tasks:

1. Configure a RADIUS scheme:

# Create the RADIUS scheme named 1xallpermit.
<AccDevice> system-view
System View: return to User View with Ctrl+Z.
[AccDevice] radius scheme 1xallpermit
New Radius scheme

# Configure UAM as the primary RADIUS authentication and accounting server. Set the authentication port to 1812, and set the accounting port to 1813. Make sure the ports are the same as those configured on UAM.
[AccDevice-radius-1xallpermit] primary authentication 192.168.40.237 1812
[AccDevice-radius-1xallpermit] primary accounting 192.168.40.237 1813

# Configure the shared key to movie to secure RADIUS authentication and accounting communication. Make sure the shared key is the same as that configured on UAM.
[AccDevice-radius-1xallpermit] key authentication movie
[AccDevice-radius-1xallpermit] key accounting movie

# Configure the device to include domain information in the user names that are sent to the RADIUS server. The username format must be the same as the format configured on UAM.
[AccDevice-radius-1xallpermit] user-name-format with-domain
[AccDevice-radius-1xallpermit] quit

2. Configure the authentication domain:

# Create the ISP domain named 391. Make sure the domain name is the same as the service suffix configured on UAM.
[AccDevice] domain 391
New Domain added.

# Configure the ISP domain to use RADIUS scheme 1xallpermit for authentication, authorization, and accounting of all LAN users.
[AccDevice-isp-391] authentication lan-access radius-scheme 1xallpermit
[AccDevice-isp-391] authorization lan-access radius-scheme 1xallpermit
[AccDevice-isp-391] accounting lan-access radius-scheme 1xallpermit

[AccDevice-isp-391] quit

3. Configure 802.1X:

# Enable 802.1X globally and on port Ethernet 1/0/1. 802.1X takes effect on a port only after you enable it globally and on the port.
[AccDevice] dot1x
802.1X is enabled globally.
[AccDevice] dot1x interface Ethernet 1/0/1
802.1X is enabled on port Ethernet1/0/1.

# Specify the authentication method as CHAP.
[AccDevice] dot1x authentication-method chap

NOTE: 802.1X authentication methods include PAP, CHAP, and EAP. If a certificate is imported for authentication, you must set the authentication method to EAP. If the built-in 802.1X client of the Windows operating system is used, do not set the authentication method to PAP.

Configuring the iNode client

The iNode client must be compatible with IMC UAM. For more information, see the release notes for the UAM version.

Verifying the configuration

Triggering 802.1X authentication

1. On the iNode client, click 802.1X Connection.
   The 802.1X Connection window opens.
2. Enter the user name and password, and click Connect, as shown in Figure 16.

   Figure 16 Entering the user name in the 802.1X connection area

   The 802.1X authentication process starts. The authentication result shows that the connection has been established, as shown in Figure 17.

   Figure 17 Authentication information

Viewing online users in UAM

1. Click the User tab.
2. From the navigation tree, select User > Online Users.
   The access user named ice@391 is in the online user list, as shown in Figure 18.

   Figure 18 Viewing online users
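The RADIUS exchange that this configuration sets up between the switch and UAM, as an added example that is not part of the HPE document: it derives the User-Name per Table 1, builds the CHAP Access-Request for ice@391, and shows why the shared key must match on both sides, because the switch accepts a reply only if its Response Authenticator verifies under the switch's own key. Packet layout follows RFC 2865; the packet identifier, challenge bytes and the default domain name system are constructed for illustration.

```python
import hashlib
import hmac
import os
import struct

SECRET = b"movie"  # shared key from this page's example; use a long random key in production

def radius_user_name(client_name, default_domain, with_domain):
    """User-Name the switch sends to UAM, following Table 1."""
    user, _, domain = client_name.partition("@")
    return f"{user}@{domain or default_domain}" if with_domain else user

def attr(atype, value):
    """One RADIUS attribute: type, length, value (RFC 2865)."""
    return struct.pack("!BB", atype, len(value) + 2) + value

def chap_password(chap_id, password, challenge):
    """CHAP ident + MD5(ident | password | challenge); the password itself is not sent."""
    return bytes([chap_id]) + hashlib.md5(bytes([chap_id]) + password + challenge).digest()

def access_request(pkt_id, user_name, password, challenge, chap_id=1):
    """Access-Request (code 1) with User-Name, CHAP-Password and CHAP-Challenge."""
    attrs = (attr(1, user_name.encode())
             + attr(3, chap_password(chap_id, password, challenge))
             + attr(60, challenge))
    return struct.pack("!BBH", 1, pkt_id, 20 + len(attrs)) + os.urandom(16) + attrs

def response_authenticator(code, pkt_id, request_auth, attrs, secret):
    """MD5(Code | ID | Length | Request Authenticator | Attributes | Secret)."""
    header = struct.pack("!BBH", code, pkt_id, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()

def build_reply(code, pkt_id, request_auth, attrs, secret):
    """Server side: sign the reply with the server's copy of the shared key."""
    auth = response_authenticator(code, pkt_id, request_auth, attrs, secret)
    return struct.pack("!BBH", code, pkt_id, 20 + len(attrs)) + auth + attrs

def verify_reply(reply, request_auth, secret):
    """Switch side: recompute with its own key; a mismatch means the reply is dropped."""
    code, pkt_id, length = struct.unpack("!BBH", reply[:4])
    expected = response_authenticator(code, pkt_id, request_auth, reply[20:length], secret)
    return hmac.compare_digest(expected, reply[4:20])

if __name__ == "__main__":
    name = radius_user_name("ice@391", "system", with_domain=True)  # constructed inputs
    req = access_request(7, name, b"imc123", os.urandom(16))
    accept = build_reply(2, 7, req[4:20], b"", SECRET)  # code 2 = Access-Accept
    print(name, verify_reply(accept, req[4:20], SECRET), verify_reply(accept, req[4:20], b"Movie"))
```

A key that differs only in case fails verification just as a wrong key does, which is the usual cause of authentication timeouts right after an access device is added to UAM.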