How to configure remote 802.1x authentication

In remote authentication and authorization, user information, including the user name, password, and attributes, is configured on the remote AAA server. This mode provides high network security.
The following example describes remote 802.1x authentication. Assume that a user connects to GE1/0/0 on an AR and belongs to VLAN 10. GE1/0/2 connects to the RADIUS server and belongs to VLAN 20. RADIUS authentication is used for the user, without accounting, and the IP address and authentication port of the RADIUS server are 192.168.2.30:1812.
1. Configure interfaces and VLANs so that the AR can communicate with the RADIUS server.
[Huawei] vlan batch 10 20
[Huawei] interface gigabitethernet 1/0/1
[Huawei-GigabitEthernet1/0/1] port link-type access
[Huawei-GigabitEthernet1/0/1] port default vlan 10
[Huawei-GigabitEthernet1/0/1] quit
[Huawei] interface gigabitethernet 1/0/2
[Huawei-GigabitEthernet1/0/2] port link-type access
[Huawei-GigabitEthernet1/0/2] port default vlan 20
[Huawei-GigabitEthernet1/0/2] quit
2. Configure a RADIUS server template, a domain, and AAA schemes.
[Huawei] radius-server template rd1
[Huawei-radius-rd1] radius-server authentication 192.168.2.30 1812
[Huawei-radius-rd1] radius-server shared-key cipher Huawei@2012
[Huawei-radius-rd1] quit
[Huawei] aaa
[Huawei-aaa] authentication-scheme abc
[Huawei-aaa-authen-abc] authentication-mode radius
[Huawei-aaa-authen-abc] quit
[Huawei-aaa] domain isp1
[Huawei-aaa-domain-isp1] authentication-scheme abc
[Huawei-aaa-domain-isp1] radius-server rd1
[Huawei-aaa-domain-isp1] quit
[Huawei-aaa] quit
3. Enable 802.1x globally and on the interface.
[Huawei] dot1x enable
[Huawei] interface gigabitethernet 1/0/1
[Huawei-GigabitEthernet1/0/1] dot1x enable
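
The check below is an added example, not part of the original procedure or Huawei tooling. It reads the typed session from steps 2 and 3 and confirms that the chain is complete: the domain points at a scheme in RADIUS mode and at a template with a server and shared key, and 802.1x is enabled globally and on each user-facing port. The function names `views` and `audit` are hypothetical, and the view names are assumed to appear in the prompt exactly as they do in the session above.

```python
import re

# Commands from steps 2 and 3 above, with their prompts (quit lines omitted).
SESSION = """\
[Huawei] radius-server template rd1
[Huawei-radius-rd1] radius-server authentication 192.168.2.30 1812
[Huawei-radius-rd1] radius-server shared-key cipher Huawei@2012
[Huawei] aaa
[Huawei-aaa] authentication-scheme abc
[Huawei-aaa-authen-abc] authentication-mode radius
[Huawei-aaa] domain isp1
[Huawei-aaa-domain-isp1] authentication-scheme abc
[Huawei-aaa-domain-isp1] radius-server rd1
[Huawei] dot1x enable
[Huawei] interface gigabitethernet 1/0/1
[Huawei-GigabitEthernet1/0/1] dot1x enable
"""

def views(session):
    """Map each CLI view (the text inside the prompt brackets) to its commands."""
    out = {}
    for view, cmd in re.findall(r"^\[([^\]]+)\][ \t]+(.+?)[ \t]*$", session, re.M):
        out.setdefault(view, []).append(cmd)
    return out

def audit(session, user_ports, host="Huawei"):
    """Return the gaps in the 802.1x/RADIUS chain; an empty list means complete."""
    v, gaps = views(session), []
    if "dot1x enable" not in v.get(host, []):
        gaps.append("802.1x not enabled globally")
    for port in user_ports:
        if "dot1x enable" not in v.get(f"{host}-GigabitEthernet{port}", []):
            gaps.append(f"802.1x not enabled on GE{port}")
    prefix = f"{host}-aaa-domain-"
    domains = [k[len(prefix):] for k in v if k.startswith(prefix)]
    if not domains:
        gaps.append("no AAA domain configured")
    for dom in domains:
        # Each domain command is "<keyword> <name>", e.g. "radius-server rd1".
        refs = dict(c.split(None, 1) for c in v[prefix + dom] if " " in c)
        scheme, tmpl = refs.get("authentication-scheme"), refs.get("radius-server")
        if "authentication-mode radius" not in v.get(f"{host}-aaa-authen-{scheme}", []):
            gaps.append(f"domain {dom}: scheme {scheme} does not use RADIUS")
        template_cmds = v.get(f"{host}-radius-{tmpl}", [])
        for need in ("radius-server authentication ", "radius-server shared-key "):
            if not any(c.startswith(need) for c in template_cmds):
                gaps.append(f"domain {dom}: template {tmpl} lacks {need.strip()}")
    return gaps
```

Calling `audit(SESSION, ["1/0/1"])` returns an empty list for the session as written; listing a port that never received `dot1x enable`, such as the server-facing 1/0/2, shows how a missed user port is reported.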
