Interoperability Between Huawei Switches and Third-Party Authentication Servers


This section includes the following content:

Interoperability between Huawei switches and Cisco ISE

Item | Description
Types of servers that the ISE can act as
  • RADIUS authentication, accounting, and authorization servers
  • HWTACACS authentication, accounting, and authorization servers
  • Portal server
User authentication modes
  • 802.1X authentication
  • MAC address authentication
  • HTTP/HTTPS-based Portal authentication
  • Combined authentication
Authentication protocols that can be used by the 802.1X client
  • PAP
  • CHAP
  • EAP-MD5
  • EAP-TLS
  • EAP-TTLS
  • EAP-FAST
  • EAP-PEAP
Attributes that can be assigned by the ISE to successfully authenticated users
All standard RADIUS attributes and Huawei extended RADIUS attributes. The common authorization attributes include the following:
  • VLAN
  • Static ACL: Only the ACL ID is specified.
  • Dynamic ACL: Both the ACL ID and rules contained in the ACL are specified.
  • Rate limiting on user packets
  • AAA service scheme
  • UCL group
Authorization for users who have not passed authentication successfully, that is, the escape function
Users in the escape state can be assigned the following attributes:
  • VLAN
  • UCL group
  • AAA service scheme: Service VLANs, voice VLANs, ACLs, UCL groups, and QoS profiles can be bound to an AAA service scheme.
Functions that can be implemented using RADIUS CoA/DM packets
  • Using RADIUS CoA packets to reauthenticate users
  • Using RADIUS CoA packets to intermittently disconnect the interface to which the authorized users are connected (supported only by switches running V200R012C00 and later versions)
  • Using RADIUS CoA packets to shut down the interface to which the authorized users are connected (supported only by switches running V200R012C00 and later versions)
  • Using RADIUS DM packets to forcibly log out users
Methods for identifying terminal types
  • DHCP packet
  • User Agent (UA) field in HTTP packets
  • RADIUS attribute
  • NMAP
  • DNS packet
Posture Service
Terminal health check: This function ensures that terminals accessing a network satisfy specified conditions, such as running a specific program and updating the patch or antivirus database to the latest version.
Guest management
-
BYOD
Bring your own device (BYOD) technology allows employees to connect to enterprise networks using their own mobile terminals, identifies the terminal types, and implements authentication and authorization based on user information, device type, and device operating environment.
Free mobility
  • Single-gateway scenario: Huawei Agile Controller-Campus delivers UCL group policies to switches. The ISE delivers a UCL group to the successfully authenticated users.
  • Multi-gateway scenario: Huawei Agile Controller-Campus delivers UCL group policies to switches. The ISE delivers a UCL group to the successfully authenticated users. Virtual Extensible LAN (VXLAN) is configured on switches to transmit UCL group information between multiple gateways.

Interoperability between Huawei switches and Aruba ClearPass

Item | Description
Types of servers that ClearPass can act as
  • RADIUS authentication, accounting, and authorization servers
  • HWTACACS authentication, accounting, and authorization servers
  • Portal server
User authentication modes
  • 802.1X authentication
  • MAC address authentication
  • HTTP/HTTPS-based Portal authentication
Authentication protocols that can be used by the 802.1X client
  • PAP
  • CHAP
  • EAP-GTC
  • EAP-MD5
  • EAP-TLS
  • EAP-TTLS
  • EAP-FAST
  • EAP-PEAP
Attributes that can be assigned by ClearPass to successfully authenticated users
All standard RADIUS attributes and Huawei extended RADIUS attributes. The common authorization attributes include the following:
  • VLAN
  • Static ACL: Only the ACL ID is specified.
  • Dynamic ACL: Both the ACL ID and rules contained in the ACL are specified.
  • Rate limiting on user packets
  • AAA service scheme
  • UCL group
Authorization for users who have not passed authentication successfully, that is, the escape function
Users in the escape state can be assigned the following attributes:
  • VLAN
  • UCL group
  • AAA service scheme: Service VLANs, voice VLANs, ACLs, UCL groups, and QoS profiles can be bound to an AAA service scheme.
Functions that can be implemented using RADIUS CoA/DM packets
  • Using RADIUS CoA packets to reauthenticate users
  • Using RADIUS DM packets to forcibly log out users
Methods for identifying terminal types
  • DHCP packet
  • User Agent (UA) field in HTTP packets
  • SNMP packet
  • OUI (the first 24 bits of a MAC address)
Terminal health check
This function ensures that terminals accessing a network satisfy specified conditions, such as running a specific program and updating the patch or antivirus database to the latest version.
Guest management
-
BYOD
BYOD technology allows employees to connect to enterprise networks using their own mobile terminals, identifies the terminal types, and implements authentication and authorization based on user information, device type, and device operating environment.
Free mobility
  • Single-gateway scenario: Huawei Agile Controller-Campus delivers UCL group policies to switches. ClearPass delivers a UCL group to the successfully authenticated users.

For more information, see:

https://support.huawei.com/enterprise/en/doc/EDOC1000069520/9aadccc0/comprehensive-configuration-examples

