HCIP-Security-CTSS V3.0 Lab Guide

Huawei Learning Website
http://learning.huawei.com/en

Huawei e-Learning
https://ilearningx.huawei.com/portal/#/portal/ebg/51

Huawei Certification
http://support.huawei.com/learning/NavigationAction!createNavi?navId=_31&lang=en

Find Training
http://support.huawei.com/learning/NavigationAction!createNavi?navId=_trainingsearch&lang=en

More Information
Huawei learning APP

Copyright © 2018 Huawei Technologies Co., Ltd.


Lab Guide for Security Engineers
ISSUE: 3.0

Huawei Technologies Co., Ltd.


All Rights Reserved.
About This Document

Overview

Description


Background Knowledge Required




Common Icons

Experiment Environment Overview


Networking Introduction

Device Introduction
Experiment Environment Preparation
Checking Whether All Devices Are Available
Experiment topology
Basic Configurations
Preconfigured Scripts for Devices
1 Agile Controller-Campus Installation (Windows Platform)

1.1 Introduction

1.1.1 About this lab

1.1.2 Objectives


1.1.3 Networking and Service Description
1.2 Configuration Procedure

1.2.1 Configuration Roadmap

1.2.2 Configuration Steps


Step 1

Agile_Controller-Campus_V100R003C30SPC100_SM_SC_Install_Windows
Agile_Controller_Campus_V100R003C30SPC100_SQLServer_2012_R2_std_en.zip
Step 2
1.3 Verification

1.3.1 Start the Agile Controller-Campus

1.3.2 Log In to the Agile Controller-Campus


2 Agile Controller-Campus Installation (SUSE Platform)

2.1 Introduction

2.1.1 About this lab

2.1.2 Objectives


2.1.3 Networking and Service Description
2.2 Configuration Procedure

2.2.1 Configuration Roadmap

2.2.2 Configuration Steps


Step 1
# chmod u+x preinstall_start.sh
# ./preinstall_start.sh single
# su oracle
$ lsnrctl stop controllerlistener
$ lsnrctl start controllerlistener

Step 2

# chmod u+x setup.sh //Obtain the execute permission.
# sh setup.sh //Execute setup.sh.
2.3 Verification

2.3.1 Start the Agile Controller-Campus

2.3.2 Log In to the Agile Controller-Campus


3 Guest Management

3.1 Introduction

3.1.1 About this lab

3.1.2 Objectives



3.1.3 Networking and Service Description

3.1.4 Experiment Plan


3.2 Configuration Procedure

3.2.1 Configuration Roadmap

3.2.2 Configuration Steps


Step 1

[SW4]vlan batch 13 to 14
[SW4]interface GigabitEthernet0/0/5
[SW4-GigabitEthernet0/0/5]port link-type trunk
[SW4-GigabitEthernet0/0/5]port trunk pvid vlan 13
[SW4-GigabitEthernet0/0/5]port trunk allow-pass vlan 13
[SW4-GigabitEthernet0/0/5]quit
[SW4]interface GigabitEthernet0/0/6
[SW4-GigabitEthernet0/0/6]port link-type trunk
[SW4-GigabitEthernet0/0/6]port trunk allow-pass vlan 13 to 14
[SW4]interface Vlanif13
[SW4-Vlanif13]ip address 10.1.13.34 255.255.255.0

[AC6005]vlan batch 13 to 14
[AC6005]interface GigabitEthernet0/0/1
[AC6005-GigabitEthernet0/0/1]port link-type trunk
[AC6005-GigabitEthernet0/0/1]port trunk allow-pass vlan 13 to 14
[AC6005]interface Vlanif13
[AC6005-Vlanif13]ip address 10.1.13.254 255.255.255.0
[AC6005]interface Vlanif14
[AC6005-Vlanif14]ip address 10.1.14.254 255.255.255.0

[AC6005]ospf 1
[AC6005-ospf-1]area 0
[AC6005-ospf-1-area-0.0.0.0]network 10.1.13.0 0.0.0.255
[AC6005-ospf-1-area-0.0.0.0]network 10.1.14.0 0.0.0.255

[AC6005]dhcp enable
[AC6005]interface Vlanif13
[AC6005-Vlanif13]dhcp select interface
[AC6005]interface Vlanif14
[AC6005-Vlanif14]dhcp select interface
[AC6005-Vlanif14]dhcp server dns-list 114.114.114.114 10.1.14.254

[AC6005]display port vlan
Port                   Link Type   PVID   Trunk VLAN List
--------------------------------------------------------------
GigabitEthernet0/0/1   trunk       1      1 13-14
GigabitEthernet0/0/2   hybrid      1      -
GigabitEthernet0/0/3   hybrid      1      -
GigabitEthernet0/0/4   hybrid      1      -
GigabitEthernet0/0/5   hybrid      1      -
GigabitEthernet0/0/6   hybrid      1      -

[AC6005]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(E): E-Trunk down
The number of interface that is UP in Physical is 6
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 6
The number of interface that is DOWN in Protocol is 0
Interface   IP Address/Mask   Physical   Protocol
LoopBack0   41.41.41.41/32    up         up(s)
NULL0       unassigned        up         up(s)
Vlanif1     169.254.1.1/16    up         up
Vlanif13    10.1.13.254/24    up         up
Vlanif14    10.1.14.254/24    up         up

<AC6005>ping 10.1.31.78
PING 10.1.31.78: 56 data bytes, press CTRL_C to break
Reply from 10.1.31.78: bytes=56 Sequence=1 ttl=126 time=1 ms
Reply from 10.1.31.78: bytes=56 Sequence=2 ttl=126 time=1 ms
Reply from 10.1.31.78: bytes=56 Sequence=3 ttl=126 time=1 ms
Reply from 10.1.31.78: bytes=56 Sequence=4 ttl=126 time=1 ms
Reply from 10.1.31.78: bytes=56 Sequence=5 ttl=126 time=1 ms
--- 10.1.31.78 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms

[AC6005]wlan
[AC6005-wlan-view]regulatory-domain-profile name domain1
[AC6005-wlan-regulatory-domain-prof-domain1]country-code CN
[AC6005-wlan-regulatory-domain-prof-domain1]quit
[AC6005-wlan-view]quit

[AC6005]wlan
[AC6005-wlan-view]ap-group name ap-group1
[AC6005-wlan-ap-group-ap-group1]regulatory-domain-profile domain1
Warning: Modifying the country code will clear channel, power and antenna
gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC6005-wlan-ap-group-ap-group1]quit

[AC6005]capwap source interface vlanif 13

[AC6005]wlan
[AC6005-wlan-view]ap auth-mode mac-auth
[AC6005-wlan-view]ap-mac 4cfa-cabf-d520 ap-id 0 ap-sn 21500826412SG8919936
[AC6005-wlan-ap-0]ap-group ap-group1
[AC6005-wlan-ap-0]ap-name ap0

<AC6005>display ap all
Total AP information:
nor : normal [1]
------------------------------------------------------------------------------------
ID   MAC              Name   Group       IP            Type       State   STA   Uptime
------------------------------------------------------------------------------------
0    4cfa-cabf-d520   ap0    ap-group1   10.1.13.253   AP4030DN   nor     0     12S
------------------------------------------------------------------------------------

[AC6005-wlan-view]security-profile name portal_authen


[AC6005-wlan-sec-prof-portal_authen]quit

[AC6005-wlan-view]ssid-profile name guest


[AC6005-wlan-ssid-prof-guest]ssid guest
Warning: This action may cause service interruption. Continue?[Y/N]y

[AC6005-wlan-view]vap-profile name guest


[AC6005-wlan-vap-prof-guest]forward-mode tunnel
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC6005-wlan-vap-prof-guest]service-vlan vlan-id 14
[AC6005-wlan-vap-prof-guest]security-profile portal_authen
[AC6005-wlan-vap-prof-guest]ssid-profile guest

[AC6005-wlan-view]ap-group name ap-group1


[AC6005-wlan-ap-group-ap-group1]vap-profile guest wlan 4 radio all

<AC6005>display vap ssid guest
WID : WLAN ID
------------------------------------------------------------------------------------
AP ID   AP name   RfID   WID   SSID    BSSID            Status   Auth type     STA
------------------------------------------------------------------------------------
0       ap0       0      4     guest   4CFA-CABF-D522   ON       Open+Portal   1
0       ap0       1      4     guest   4CFA-CABF-D532   ON       Open+Portal   1
------------------------------------------------------------------------------------
[AC6005]radius-server template radius
[AC6005-radius-radius]radius-server authentication 10.1.31.78 1812 source ip-address 10.1.13.254 weight 80
[AC6005-radius-radius]radius-server accounting 10.1.31.78 1813 source ip-address 10.1.13.254 weight 80
[AC6005-radius-radius]radius-server shared-key cipher Huawei@123
[AC6005-radius-radius]radius-server user-name original
[AC6005]radius-server authorization 10.1.31.78 shared-key cipher Huawei@123

[AC6005]aaa
[AC6005-aaa]authentication-scheme radius
[AC6005-aaa-authen-radius]authentication-mode radius
[AC6005-aaa]accounting-scheme radius
[AC6005-aaa-accounting-radius]accounting-mode radius

[AC6005]url-template name urlTemplate_0


[AC6005-url-template-urlTemplate_0] url http://10.1.31.78:8080/portal

[AC6005]web-auth-server Portal_auth
[AC6005-web-auth-server-Portal_auth]server-ip 10.1.31.78
[AC6005-web-auth-server-Portal_auth]port 50200
[AC6005-web-auth-server-Portal_auth]shared-key cipher Huawei@123
[AC6005-web-auth-server-Portal_auth]url-template urlTemplate_0

[AC6005]free-rule-template name default_free_rule


[AC6005-free-rule-default_free_rule]free-rule 1 destination ip 10.1.31.78 mask 24

[AC6005]portal-access-profile name portal_access_profile


[AC6005-portal-access-profile-portal_access_profile]web-auth-server Portal_auth direct
[AC6005-portal-access-profile-portal_access_profile]quit

[AC6005]authentication-profile name macportal_authen_profile


[AC6005-authentication-profile-macportal_authen_profile]portal-access-profile portal_access_profile
[AC6005-authentication-profile-macportal_authen_profile]free-rule-template default_free_rule
[AC6005-authentication-profile-macportal_authen_profile]authentication-scheme radius
[AC6005-authentication-profile-macportal_authen_profile]accounting-scheme radius
[AC6005-authentication-profile-macportal_authen_profile]radius-server radius

[AC6005-wlan-view]vap-profile name guest


[AC6005-wlan-vap-prof-guest]authentication-profile macportal_authen_profile
Warning: This action may cause service interruption. Continue?[Y/N]y

Step 2
[AC6005]test-aaa VIP01 Huawei@123 radius-template radius pap
Info: Account test succeed.
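The test-aaa check in Step 2 sends a PAP Access-Request to the server named in the radius template and judges the reply with the template's shared key. The following is an added Python example, not code from the lab guide or from Huawei: it rebuilds that exchange from RFC 2865 primitives so the effect of a shared-key mismatch is visible on both sides (the server cannot recover the password it was sent, and the NAS cannot validate the reply). The key, source address and test account are the lab's; the server logic is a constructed stand-in for the Agile Controller-Campus.

```python
import hashlib
import hmac
import os
import socket
import struct

ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
ATTR_USER_NAME, ATTR_USER_PASSWORD, ATTR_NAS_IP_ADDRESS = 1, 2, 4

SHARED_KEY = b"Huawei@123"   # shared-key from the lab's RADIUS template on the AC
NAS_IP = "10.1.13.254"       # source ip-address from the same template
TEST_USER, TEST_PASSWORD = "VIP01", "Huawei@123"   # account used with test-aaa in the lab


def _attr(attr_type, value):
    """Encode one attribute as Type | Length | Value (Length counts the 2-byte header)."""
    if len(value) > 253:
        raise ValueError("attribute value too long for one RADIUS AVP")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def parse_attrs(packet):
    """Walk the TLV list after the 20-byte header; returns {type: value} (last one wins)."""
    length = struct.unpack("!H", packet[2:4])[0]
    attrs, pos = {}, 20
    while pos + 2 <= length:
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("malformed attribute at offset %d" % pos)
        attrs[attr_type] = packet[pos + 2:pos + attr_len]
        pos += attr_len
    return attrs


def hide_pap_password(password, secret, request_auth):
    """RFC 2865 section 5.2: pad to a 16-byte multiple, then XOR each block with
    MD5(secret + previous ciphertext block), seeded with the Request Authenticator."""
    if not 1 <= len(password) <= 128:
        raise ValueError("PAP password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    hidden, prev = bytearray(), request_auth
    for i in range(0, len(padded), 16):
        keystream = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], keystream))
        hidden += block
        prev = block
    return bytes(hidden)


def reveal_pap_password(hidden, secret, request_auth):
    """Server-side inverse of hide_pap_password; the zero padding is stripped."""
    clear, prev = bytearray(), request_auth
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        clear += bytes(a ^ b for a, b in zip(block, hashlib.md5(secret + prev).digest()))
        prev = block
    return bytes(clear).rstrip(b"\x00")


def build_access_request(ident, username, password, secret, nas_ip, request_auth=None):
    """Code(1) | Identifier | Length | 16-byte random Request Authenticator | attributes."""
    request_auth = request_auth or os.urandom(16)
    attrs = (_attr(ATTR_USER_NAME, username)
             + _attr(ATTR_USER_PASSWORD, hide_pap_password(password, secret, request_auth))
             + _attr(ATTR_NAS_IP_ADDRESS, socket.inet_aton(nas_ip)))
    return struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs)) + request_auth + attrs


def response_authenticator(code, ident, attrs, request_auth, secret):
    """RFC 2865 section 3: MD5(Code | ID | Length | RequestAuth | Attributes | Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hashlib.md5(header + request_auth + attrs + secret).digest()


def build_response(code, ident, request_auth, secret, attrs=b""):
    """Access-Accept or Access-Reject as the server emits it, bound to the request by the secret."""
    auth = response_authenticator(code, ident, attrs, request_auth, secret)
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + auth + attrs


def verify_response(response, request_auth, secret):
    """NAS-side check of the Response Authenticator; fails on a key mismatch even for valid credentials."""
    if len(response) < 20:
        return False
    code, ident, length = struct.unpack("!BBH", response[:4])
    if length != len(response):
        return False
    expected = response_authenticator(code, ident, response[20:length], request_auth, secret)
    return hmac.compare_digest(expected, response[4:20])


def simulate_test_aaa(username, password, nas_key, server_key):
    """Both ends in one process: the NAS hides the PAP password with nas_key, the constructed
    server reveals it with server_key and answers, the NAS validates the answer.
    Returns 'accept', 'reject' or 'bad-authenticator'."""
    request_auth = os.urandom(16)
    req = build_access_request(7, username.encode(), password.encode(), nas_key, NAS_IP, request_auth)
    # Server side: the password decodes correctly only if both ends hold the same key.
    attrs = parse_attrs(req)
    revealed = reveal_pap_password(attrs[ATTR_USER_PASSWORD], server_key, request_auth)
    granted = (attrs[ATTR_USER_NAME] == TEST_USER.encode()
               and hmac.compare_digest(revealed, TEST_PASSWORD.encode()))
    resp = build_response(ACCESS_ACCEPT if granted else ACCESS_REJECT, 7, request_auth, server_key)
    # NAS side: trust the verdict only if it authenticates under our copy of the key.
    if not verify_response(resp, request_auth, nas_key):
        return "bad-authenticator"
    return "accept" if resp[0] == ACCESS_ACCEPT else "reject"
```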

Step 3
Step 4
3.3 Verification

3.3.1 Authentication on the terminal


3.3.2 Check User Authentication Information on the Agile Controller-Campus
3.4 Reference Configuration

3.4.1 SW3 Configuration


#
sysname SW3
#
vlan batch 10 31 to 32
#
interface Vlanif10
ip address 10.1.10.33 255.255.255.0
#
interface Vlanif31
ip address 10.1.31.33 255.255.255.0
#
interface Vlanif32
ip address 10.1.32.33 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/6
port link-type access
port default vlan 31
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 32
#
ospf 1
area 0.0.0.0
network 10.1.10.0 0.0.0.255
network 10.1.32.0 0.0.0.255
network 10.1.31.0 0.0.0.255
#
return
#

3.4.2 SW4 Configuration


#
sysname SW4
#
vlan batch 10 to 14
#
interface Vlanif10
ip address 10.1.10.34 255.255.255.0
#
interface Vlanif13
ip address 10.1.13.34 255.255.255.0
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk pvid vlan 13
port trunk allow-pass vlan 13
#
interface GigabitEthernet0/0/6
port link-type trunk
port trunk allow-pass vlan 13 to 14
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 10
#
ospf 1 router-id 34.34.34.34
area 0.0.0.0
network 10.1.10.0 0.0.0.255
network 10.1.13.0 0.0.0.255
network 10.1.14.0 0.0.0.255
#
return
#
3.4.3 AC Configuration
#
sysname AC
#
http secure-server ssl-policy default_policy
http server enable
#
router id 41.41.41.41
#
vlan batch 13 to 14 4090
#
authentication-profile name dot1x_authen_profile
dot1x-access-profile dot1x_access_profile
authentication-scheme radius
accounting-scheme radius
radius-server radius
authentication-profile name mac_authen_profile
mac-access-profile mac_access_profile
authentication-scheme radius
accounting-scheme radius
radius-server radius
authentication-profile name portal_authen_profile
authentication-profile name macportal_authen_profile
portal-access-profile portal_access_profile
free-rule-template default_free_rule
authentication-scheme radius
accounting-scheme radius
radius-server radius
#
dot1x-access-profile name dot1x_access_profile
mac-access-profile name mac_access_profile
#
dhcp enable
#
dhcp snooping enable
#
device-sensor dhcp option 12 55 60
#
diffserv domain default
#
radius-server template default
radius-server template radius
radius-server shared-key cipher Huawei@123
radius-server authentication 10.1.31.78 1812 source ip-address 10.1.13.254 weight 80
radius-server accounting 10.1.31.78 1813 source ip-address 10.1.13.254 weight 80
radius-server authorization 10.1.31.78 shared-key cipher Huawei@123
#
pki realm default
enrollment self-signed
#
ssl policy default_policy type server
pki-realm default
#
free-rule-template name default_free_rule
free-rule 1 destination ip 10.1.31.78 mask 255.255.255.0
#
url-template name urlTemplate_0
url http://10.1.31.78:8080/portal
#
web-auth-server Portal_auth
server-ip 10.1.31.78
port 50200
shared-key cipher Huawei@123
url-template urlTemplate_0
#
portal-access-profile name portal_access_profile
web-auth-server Portal_auth direct
#
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authorization-scheme default
accounting-scheme default
accounting-scheme radius
accounting-mode radius
accounting realtime 1
domain default
domain default_admin
local-user admin password irreversible-cipher %^%#FX&{Uzh&dL*+oBZAZ.YP,NR#:-Q}PM!6yk62R^B&$K]}%\oh=Cl@6v!dP#&>%^%#
local-user admin privilege level 15
local-user admin service-type telnet terminal ssh http
#
interface Vlanif1
ip address 169.254.1.1 255.255.0.0
#
interface Vlanif13
ip address 10.1.13.254 255.255.255.0
dhcp select interface
#
interface Vlanif14
ip address 10.1.14.254 255.255.255.0
dhcp select interface
dhcp server dns-list 114.114.114.114 10.1.14.254
#
interface Vlanif4090
ip address 172.21.20.9 255.255.0.0
management-interface
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 13 to 14
#
interface GigabitEthernet0/0/8
port link-type access
port default vlan 4090
#
interface NULL0
#
interface LoopBack0
ip address 41.41.41.41 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.1.13.0 0.0.0.255
network 10.1.14.0 0.0.0.255
#
undo snmp-agent
#
stelnet server enable
undo telnet ipv6 server enable
ssh server secure-algorithms cipher aes256_ctr aes128_ctr aes256_cbc aes128 3des
ssh server secure-algorithms hmac sha2_256 sha2_256_96 sha1 sha1_96 md5 md5_96
ssh client secure-algorithms cipher aes256_ctr aes128_ctr aes256_cbc aes128 3des
ssh client secure-algorithms hmac sha2_256 sha2_256_96 sha1 sha1_96 md5 md5_96
#
capwap source interface vlanif13
#
user-interface con 0
authentication-mode password
set authentication password
cipher %^%#EOgk@Ms;gTyQ&mN6YV|1vM)z!b,V9SZZ`B'+n=!&Y(Bb8NY.04r[slWcJ({E%^%#
user-interface vty 0 4
authentication-mode password
user privilege level 15
set authentication password
cipher %^%#=j5+'=)^s6q@}IYy`CiY2aM'CY%+[59,23I=]x}K9J6VD!I[;V*,@D(j=0^J%^%#
protocol inbound all
user-interface vty 16 20
protocol inbound all
#
wlan
traffic-profile name default
security-profile name default
security-profile name default-wds
security wpa2 psk pass-phrase %^%#U9#%Tu'P(2wIMm8Kxx<!~.KEH7LW:7+h!"/UzOeA%^%# aes
security-profile name default-mesh
security wpa2 psk pass-phrase %^%#CdsG$Qj:@C}x~S#.5]*Wh8RN*:[r4$"XY]5`A5LP%^%# aes
security-profile name development_employee
security wpa2 dot1x aes
security-profile name mac_access
security-profile name portal_authen
ssid-profile name guest
ssid guest
ssid-profile name default
vap-profile name guest
forward-mode tunnel
service-vlan vlan-id 14
ssid-profile guest
security-profile portal_authen
authentication-profile macportal_authen_profile
vap-profile name default
wds-profile name default
mesh-handover-profile name default
mesh-profile name default
regulatory-domain-profile name default
regulatory-domain-profile name domain1
air-scan-profile name default
rrm-profile name default
radio-2g-profile name default
radio-5g-profile name default
wids-profile name default
ap-system-profile name default
provision-ap
port-link-profile name default
wired-port-profile name default
ap-group name group1
ap-group name default
ap-group name ap-group1
regulatory-domain-profile domain1
radio 0
vap-profile guest wlan 4
radio 1
vap-profile guest wlan 4
ap-id 0 type-id 43 ap-mac 4cfa-cabf-d520 ap-sn 21500826412SG8919936
ap-name ap0
ap-group ap-group1
#
undo ntp-service enable
#
return
#
4 AD User Authentication

4.1 Introduction

4.1.1 About this lab

4.1.2 Objectives





4.1.3 Networking and Service Description
4.2 Configuration Procedure

4.2.1 Configuration Roadmap


4.2.2 Configuration Steps
Step 1
Step 2
Step 3

[SW4]radius-server template radius


[SW4-radius-radius]radius-server shared-key cipher Huawei@123
[SW4-radius-radius]radius-server authentication 10.1.31.79 1812
[SW4-radius-radius]radius-server accounting 10.1.31.79 1813
[SW4-radius-radius]quit
[SW4]radius-server authorization 10.1.31.79 shared-key cipher Huawei@123

[SW4]aaa
[SW4-aaa]authentication-scheme radius
[SW4-aaa-authen-radius]authentication-mode radius
[SW4-aaa-authen-radius]quit
[SW4-aaa]accounting-scheme radius
[SW4-aaa-accounting-radius]accounting-mode radius
[SW4-aaa-accounting-radius]quit
[SW4-aaa]domain default
[SW4-aaa-domain-default]authentication-scheme radius
[SW4-aaa-domain-default]accounting-scheme radius
[SW4-aaa-domain-default]radius-server radius

[SW4]dot1x authentication-method eap


[SW4]interface GigabitEthernet 0/0/1
[SW4-GigabitEthernet0/0/1]authentication dot1x

[SW4]authentication free-rule 1 destination ip 10.1.31.79 mask 255.255.255.255
[SW4]test-aaa Ann Huawei@123 radius-template radius pap
[SW4]
Info: Account Ann succeed.
4.3 Verification

4.3.1 Use the AnyOffice Client for Authentication


4.4 Reference Configuration

4.4.1 SW4 Configuration


#
sysname SW4
#
dot1x authentication-method eap
#
radius-server template radius
radius-server shared-key cipher Huawei@123
radius-server authentication 10.1.31.79 1812 weight 80
radius-server accounting 10.1.31.79 1813 weight 80
radius-server authorization 10.1.31.79 shared-key cipher Huawei@123
#
aaa
authentication-scheme radius
authentication-mode radius
accounting-scheme radius
accounting-mode radius
domain default
authentication-scheme radius
accounting-scheme radius
radius-server radius
#
interface Vlanif10
ip address 10.1.10.34 255.255.255.0
#
interface Vlanif11
ip address 10.1.11.34 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 11
authentication dot1x
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 10
#
ospf 1 router-id 34.34.34.34
area 0.0.0.0
network 10.1.10.0 0.0.0.255
network 10.1.11.0 0.0.0.255
#
authentication free-rule 1 destination ip 10.1.31.79 mask 255.255.255.255
#
5 802.1X Authentication in a Wired Environment

5.1 Introduction

5.1.1 About this lab

5.1.2 Objectives



5.1.3 Networking and Service Description

Topology figure (not reproduced here): Server Zone with FTP Server, Web Server and Email Server; Development Employees with PC1.

5.1.4 Prerequisites

5.1.5 Experiment Plan


5.2 Configuration Procedure

5.2.1 Configuration Roadmap

5.2.2 Configuration Steps


Step 1

[SW4]radius-server template radius


[SW4-radius-radius]radius-server shared-key cipher Huawei@123
[SW4-radius-radius]radius-server authentication 10.1.31.78 1812
[SW4-radius-radius]radius-server accounting 10.1.31.78 1813
[SW4-radius-radius]quit
[SW4]radius-server authorization 10.1.31.78 shared-key cipher Huawei@123

[SW4]aaa
[SW4-aaa]authentication-scheme radius
[SW4-aaa-authen-radius]authentication-mode radius
[SW4-aaa-authen-radius]quit
[SW4-aaa]accounting-scheme radius
[SW4-aaa-accounting-radius]accounting-mode radius
[SW4-aaa-accounting-radius]quit
[SW4-aaa]domain default
[SW4-aaa-domain-default]authentication-scheme radius
[SW4-aaa-domain-default]accounting-scheme radius
[SW4-aaa-domain-default]radius-server radius
[SW4]dot1x authentication-method eap
[SW4]interface GigabitEthernet 0/0/1
[SW4-GigabitEthernet0/0/1]authentication dot1x

[SW4]authentication free-rule 1 destination ip 10.1.31.78 mask 255.255.255.255

Step 2
[SW4]test-aaa user1 Huawei@123 radius-template radius pap
[SW4]
Info: Account user1 succeed.
5.3 Verification

5.3.1 Use the AnyOffice to Authenticate PC1


PC1>ping 10.1.32.73

Pinging 10.1.32.73 with 32 bytes of data:


Reply from 10.1.32.73: bytes=32 time=4ms TTL=126
Reply from 10.1.32.73: bytes=32 time<1ms TTL=126
Reply from 10.1.32.73: bytes=32 time<1ms TTL=126
Reply from 10.1.32.73: bytes=32 time=1ms TTL=126

Ping statistics for 10.1.32.73:


Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 4ms, Average = 1ms

PC1>ping 10.1.32.74
Pinging 10.1.32.74 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 10.1.32.74:


Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
PC1>ping 10.1.32.75

Pinging 10.1.32.75 with 32 bytes of data:


Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 10.1.32.75:


Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

5.3.2 Check the Authorization Result on SW4

[SW4]display access-user
-------------------------------------------------------------
UserID   Username   IP address    MAC              Status
-------------------------------------------------------------
31       user1      10.1.11.101   000c-29f0-d33e   Success
-------------------------------------------------------------
Total: 1, printed: 1

[SW4]display access-user user-id 31

Basic:
User ID : 31
User name : user1
Domain-name : default
User MAC : 000c-29f5-45d8
User IP address : 10.1.11.101
User vpn-instance : -
User access Interface : GigabitEthernet0/0/1
User vlan event : Success
QinQVlan/UserVlan : 0/11
User access time : 2017/10/12 19:33:14
User accounting session ID : SW400001000000011948d94000017
Option82 information : -
User access type : 802.1x
Terminal Device Type : Data Terminal
Dynamic ACL desc(Effective) :
No. 0: acl 10001 dest-ip 10.1.32.74 dest-ipmask 32 deny
No. 1: acl 10002 dest-ip 10.1.32.75 dest-ipmask 32 deny
No. 2: acl 10003 dest-ip 10.1.32.73 dest-ipmask 32 permit
No. 3: acl 10100 dest-ip 0.0.0.0 dest-ipmask 0 deny

AAA:
User authentication type : 802.1x authentication
Current authentication method : RADIUS
Current authorization method : -
Current accounting method : RADIUS
5.3.3 Check User Authentication Information on the Agile Controller-Campus
5.4 Reference Configuration

5.4.1 SW3 Configuration


sysname SW3
#
vlan batch 10 31 to 32
#
interface Vlanif10
ip address 10.1.10.33 255.255.255.0
#
interface Vlanif31
ip address 10.1.31.33 255.255.255.0
#
interface Vlanif32
ip address 10.1.32.33 255.255.255.0

interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/6
port link-type access
port default vlan 31

interface GigabitEthernet0/0/7
port link-type access
port default vlan 32
#
ospf 1 router-id 33.33.33.33
area 0.0.0.0
network 10.1.10.0 0.0.0.255
network 10.1.31.0 0.0.0.255
network 10.1.32.0 0.0.0.255

5.4.2 SW4 Configuration


#
sysname SW4
#
dot1x authentication-method eap
#
radius-server template radius
radius-server shared-key cipher Huawei@123
radius-server authentication 10.1.31.78 1812 weight 80
radius-server accounting 10.1.31.78 1813 weight 80
radius-server authorization 10.1.31.78 shared-key cipher Huawei@123

aaa
authentication-scheme radius
authentication-mode radius
accounting-scheme radius
accounting-mode radius
domain default
authentication-scheme radius
accounting-scheme radius
radius-server radius
#
interface Vlanif10
ip address 10.1.10.34 255.255.255.0
#
interface Vlanif11
ip address 10.1.11.34 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 11
authentication dot1x

interface GigabitEthernet0/0/7
port link-type access
port default vlan 10
#
ospf 1 router-id 34.34.34.34
area 0.0.0.0
network 10.1.10.0 0.0.0.255
network 10.1.11.0 0.0.0.255
#
authentication free-rule 1 destination ip 10.1.31.78 mask 255.255.255.255
#

5.5 Question

5.5.1 Questions About Wired 802.1X Authentication


6 802.1X Authentication in a Wireless Environment

6.1 Introduction

6.1.1 About this lab

6.1.2 Objectives



6.1.3 Networking and Service Description

6.1.4 Prerequisites

6.1.5 Experiment Plan


6.2 Configuration Procedure

6.2.1 Configuration Roadmap

6.2.2 Configuration Steps


Step 1
[SW4]vlan batch 13 to 14
[SW4]interface GigabitEthernet0/0/5
[SW4-GigabitEthernet0/0/5]port link-type trunk
[SW4-GigabitEthernet0/0/5]port trunk pvid vlan 13
[SW4-GigabitEthernet0/0/5]port trunk allow-pass vlan 13
[SW4-GigabitEthernet0/0/5]quit
[SW4]interface GigabitEthernet0/0/6
[SW4-GigabitEthernet0/0/6]port link-type trunk
[SW4-GigabitEthernet0/0/6]port trunk allow-pass vlan 13 to 14

[SW4]interface Vlanif13
[SW4-Vlanif13]ip address 10.1.13.34 255.255.255.0

Step 2

[AC6005]vlan batch 13 to 14
[AC6005]interface GigabitEthernet0/0/1
[AC6005-GigabitEthernet0/0/1]port link-type trunk
[AC6005-GigabitEthernet0/0/1]port trunk allow-pass vlan 13 to 14
[AC6005]interface Vlanif13
[AC6005-Vlanif13]ip address 10.1.13.254 255.255.255.0
[AC6005]interface Vlanif14
[AC6005-Vlanif14]ip address 10.1.14.254 255.255.255.0

[AC6005]ospf 1
[AC6005-ospf-1]area 0
[AC6005-ospf-1-area-0.0.0.0]network 10.1.13.0 0.0.0.255
[AC6005-ospf-1-area-0.0.0.0]network 10.1.14.0 0.0.0.255

[AC6005]dhcp enable
[AC6005]interface Vlanif13
[AC6005-Vlanif13]dhcp select interface
[AC6005]interface Vlanif14
[AC6005-Vlanif14]dhcp select interface

[AC6005]display port vlan
Port                   Link Type   PVID   Trunk VLAN List
--------------------------------------------------------------
GigabitEthernet0/0/1   trunk       1      1 13-14
GigabitEthernet0/0/2   hybrid      1      -
GigabitEthernet0/0/3   hybrid      1      -
GigabitEthernet0/0/4   hybrid      1      -
GigabitEthernet0/0/5   hybrid      1      -
GigabitEthernet0/0/6   hybrid      1      -
[AC6005]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(E): E-Trunk down
The number of interface that is UP in Physical is 6
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 6
The number of interface that is DOWN in Protocol is 0
Interface   IP Address/Mask   Physical   Protocol
LoopBack0   41.41.41.41/32    up         up(s)
NULL0       unassigned        up         up(s)
Vlanif1     169.254.1.1/16    up         up
Vlanif13    10.1.13.254/24    up         up
Vlanif14    10.1.14.254/24    up         up

<AC6005>ping 10.1.31.78
PING 10.1.31.78: 56 data bytes, press CTRL_C to break
Reply from 10.1.31.78: bytes=56 Sequence=1 ttl=126 time=1 ms
Reply from 10.1.31.78: bytes=56 Sequence=2 ttl=126 time=1 ms
Reply from 10.1.31.78: bytes=56 Sequence=3 ttl=126 time=1 ms
Reply from 10.1.31.78: bytes=56 Sequence=4 ttl=126 time=1 ms
Reply from 10.1.31.78: bytes=56 Sequence=5 ttl=126 time=1 ms

--- 10.1.31.78 ping statistics ---


5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms

Step 3

[AC6005]wlan
[AC6005-wlan-view]regulatory-domain-profile name domain1
[AC6005-wlan-regulatory-domain-prof-domain1]country-code CN
[AC6005-wlan-regulatory-domain-prof-domain1]quit
[AC6005-wlan-view]quit

[AC6005]wlan
[AC6005-wlan-view]ap-group name ap-group1
[AC6005-wlan-ap-group-ap-group1]regulatory-domain-profile domain1
Warning: Modifying the country code will clear channel, power and antenna
gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC6005-wlan-ap-group-ap-group1]quit
[AC6005]capwap source interface vlanif 13

Step 4

[AC6005]wlan
[AC6005-wlan-view]ap auth-mode mac-auth
[AC6005-wlan-view]ap-mac 4cfa-cabf-d520 ap-id 0 ap-sn 21500826412SG8919936
[AC6005-wlan-ap-0]ap-group ap-group1
[AC6005-wlan-ap-0]ap-name ap0

<AC6005>display ap all
Total AP information:
nor : normal [1]
------------------------------------------------------------------------------------
ID   MAC              Name   Group       IP            Type       State   STA   Uptime
------------------------------------------------------------------------------------
0    4cfa-cabf-d520   ap0    ap-group1   10.1.13.253   AP4030DN   nor     0     12S
------------------------------------------------------------------------------------

Step 5

[AC6005]wlan
[AC6005-wlan-view]security-profile name development_employee
[AC6005-wlan-sec-prof-development_employee]security wpa2 dot1x aes
warning: This action may cause service interruption. Continue?[Y/N]y

[AC6005]wlan
[AC6005-wlan-view]ssid-profile name development_employee
[AC6005-wlan-ssid-prof-development_employee]ssid development_employee
Warning: This action may cause service interruption. Continue?[Y/N]y

[AC6005]wlan
[AC6005-wlan-view]vap-profile name development_employee
[AC6005-wlan-vap-prof-development_employee]forward-mode tunnel
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC6005-wlan-vap-prof-development_employee]security-profile development_employee
[AC6005-wlan-vap-prof-development_employee]service-vlan vlan-id 14
[AC6005-wlan-vap-prof-development_employee]ssid-profile development_employee

[AC6005]wlan
[AC6005-wlan-view]ap-group name ap-group1
[AC6005-wlan-ap-group-ap-group1]vap-profile development_employee wlan 1 radio all

[AC6005]display vap ssid development_employee
WID : WLAN ID
-------------------------------------------------------------------------------------------------
AP ID   AP name   RfID   WID   SSID                   BSSID            Status   Auth type     STA
-------------------------------------------------------------------------------------------------
0       ap0       0      1     development_employee   4CFA-CABF-D520   ON       WPA2+802.1X   0
0       ap0       1      1     development_employee   4CFA-CABF-D530   ON       WPA2+802.1X   0
-------------------------------------------------------------------------------------------------

Step 6

[AC6005]radius-server template radius


[AC6005-radius-radius]radius-server authentication 10.1.31.78 1812
[AC6005-radius-radius]radius-server accounting 10.1.31.78 1813
[AC6005-radius-radius]radius-server shared-key cipher Huawei@123
[AC6005]radius-server authorization 10.1.31.78 shared-key cipher Huawei@123
[AC6005-radius-radius]radius-server user-name original

[AC6005]aaa
[AC6005-aaa]authentication-scheme radius
[AC6005-aaa-authen-radius]authentication-mode radius
[AC6005-aaa]accounting-scheme radius
[AC6005-aaa-accounting-radius]accounting-mode radius

[AC6005]authentication-profile name dot1x_authen_profile


[AC6005-authentication-profile-dot1x_authen_profile]quit

[AC6005]authentication-profile name dot1x_authen_profile


[AC6005-authentication-profile-dot1x_authen_profile]dot1x-access-profile dot1x_access_profile
[AC6005-authentication-profile-dot1x_authen_profile]authentication-scheme radius
[AC6005-authentication-profile-dot1x_authen_profile]accounting-scheme radius
[AC6005-authentication-profile-dot1x_authen_profile]radius-server radius

[AC6005-wlan-view]vap-profile name development_employee


[AC6005-wlan-vap-prof-development_employee]authentication-profile
dot1x_authen_profile
Warning: This action may cause service interruption. Continue?[Y/N]y

Step 7

[AC6005]test-aaa user1 Admin@123 radius-template radius pap
Info: Account test succeed.
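What test-aaa ... pap actually sends is a RADIUS Access-Request whose User-Password attribute is obfuscated with the shared key configured in the radius-server template (RFC 2865, section 5.2), which is why the key on the device and on the Agile Controller-Campus must match. The following added example (not code from the lab guide or from Huawei) builds and decodes such a packet offline with the lab's values; the NAS-IP-Address 10.1.14.254 and the Calling-Station-Id MAC are assumptions chosen for illustration.

```python
"""Build and decode a RADIUS PAP Access-Request (RFC 2865).

Added example for the `test-aaa user1 Admin@123 radius-template radius pap`
step; it shows why the shared key in the radius-server template matters.
Not code from the lab guide or from Huawei; user/password/key are the lab's.
"""
import hashlib
import os
import socket
import struct

ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_USER_PASSWORD = 2
ATTR_NAS_IP_ADDRESS = 4
ATTR_CALLING_STATION_ID = 31


def encode_user_password(password: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """RFC 2865 5.2: pad to a multiple of 16 octets, then XOR each block with
    MD5(secret + previous ciphertext block); the first "previous block" is the
    Request Authenticator. Without the shared key this cannot be undone."""
    if len(password) > 128:
        raise ValueError("User-Password may not exceed 128 octets")
    padded = password + b"\x00" * (-len(password) % 16)
    if not padded:
        padded = b"\x00" * 16  # an empty password still occupies one block
    out = bytearray()
    prev = authenticator
    for i in range(0, len(padded), 16):
        key_block = hashlib.md5(secret + prev).digest()
        prev = bytes(p ^ k for p, k in zip(padded[i:i + 16], key_block))
        out += prev
    return bytes(out)


def decode_user_password(cipher: bytes, secret: bytes, authenticator: bytes) -> bytes:
    """Inverse of encode_user_password, i.e. what the RADIUS server does."""
    if len(cipher) % 16 != 0:
        raise ValueError("User-Password must be a multiple of 16 octets")
    out = bytearray()
    prev = authenticator
    for i in range(0, len(cipher), 16):
        key_block = hashlib.md5(secret + prev).digest()
        block = cipher[i:i + 16]
        out += bytes(c ^ k for c, k in zip(block, key_block))
        prev = block
    return bytes(out).rstrip(b"\x00")


def _attribute(attr_type: int, value: bytes) -> bytes:
    """Type-Length-Value encoding; Length covers the two header octets."""
    if not 0 < len(value) <= 253:
        raise ValueError("attribute value must be 1..253 octets")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(identifier, username, password, secret, nas_ip,
                         calling_station_id=None, authenticator=None):
    """Assemble the packet the NAS (AC6005 or SW4) sends to 10.1.31.78:1812."""
    authenticator = authenticator or os.urandom(16)
    attrs = _attribute(ATTR_USER_NAME, username.encode())
    attrs += _attribute(ATTR_USER_PASSWORD,
                        encode_user_password(password.encode(), secret.encode(), authenticator))
    attrs += _attribute(ATTR_NAS_IP_ADDRESS, socket.inet_aton(nas_ip))
    if calling_station_id:
        attrs += _attribute(ATTR_CALLING_STATION_ID, calling_station_id.encode())
    header = struct.pack("!BBH", ACCESS_REQUEST, identifier, 20 + len(attrs))
    return header + authenticator + attrs


def parse_packet(packet: bytes) -> dict:
    """Split header and attributes; rejects truncated or malformed packets."""
    if len(packet) < 20:
        raise ValueError("packet shorter than the RADIUS header")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length != len(packet):
        raise ValueError("Length field does not match packet size")
    attrs = {}
    pos = 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_type, attr_len = packet[pos], packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad attribute length")
        attrs[attr_type] = packet[pos + 2:pos + attr_len]
        pos += attr_len
    return {"code": code, "identifier": identifier, "length": length,
            "authenticator": packet[4:20], "attributes": attrs}


def check_round_trip(username, password, secret, nas_ip, calling_station_id) -> bool:
    """Build a request, parse it as the server would, and confirm the password
    is recovered with the right shared key only and never appears in clear."""
    pkt = build_access_request(1, username, password, secret, nas_ip, calling_station_id)
    parsed = parse_packet(pkt)
    auth = parsed["authenticator"]
    cipher = parsed["attributes"][ATTR_USER_PASSWORD]
    with_key = decode_user_password(cipher, secret.encode(), auth) == password.encode()
    wrong_key = decode_user_password(cipher, b"not-the-key", auth) == password.encode()
    return with_key and not wrong_key and password.encode() not in pkt


if __name__ == "__main__":
    # Lab values: user1 / Admin@123 against template shared key Huawei@123.
    # NAS-IP 10.1.14.254 (AC Vlanif14) and the STA MAC in xxxx-xxxx-xxxx
    # Calling-Station-Id format are illustrative assumptions, not lab output.
    print(check_round_trip("user1", "Admin@123", "Huawei@123", "10.1.14.254", "3c91-57ae-fcb9"))
```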
6.3 Verification

6.3.1 Connect to a Wireless Network on a Terminal to Perform Authentication
6.3.2 Check User Authentication Information on the AC

<AC6005>display access-user
-------------------------------------------------------------
UserID Username IP address MAC Status
-------------------------------------------------------------
28 user1 10.1.14.253 3c91-57ae-fcb9 Success
-------------------------------------------------------------
Total: 1, printed: 1

<AC6005>display access-user user-id 28


Basic:
User ID : 33
User name : user1
User MAC : 3c91-57ae-fcb9
User IP address : 10.1.14.253
User IPv6 address : -
User access Interface : Wlan-Dbss2
User vlan event : Success
QinQVlan/UserVlan : 0/14
User access time : 2017/10/13 17:19:11
User accounting session ID : AC600500000000000014c8da73000033
Option82 information : -
User access type : 802.1x
AP name : ap0
Radio ID : 0
AP MAC : 4cfa-cabf-d520
SSID : development_employee
Online time : 27(s)
Dynamic ACL desc(Ineffective) :
No. 0: acl 10001 dest-ip 10.1.32.73 dest-ipmask 32 deny
No. 1: acl 10002 dest-ip 10.1.32.74 dest-ipmask 32 permit
No. 2: acl 10003 dest-ip 10.1.32.75 dest-ipmask 32 deny
No. 3: acl 10100 dest-ip 0.0.0.0 dest-ipmask 0 deny

AAA:
User authentication type : 802.1x authentication
Current authentication method : RADIUS
Current authorization method : -
Current accounting method : RADIUS

6.3.3 Check User Authentication Information on the Agile Controller-Campus
6.4 Reference Configuration

6.4.1 SW3 Configuration


#
sysname SW3
#
vlan batch 10 31 to 32
#
interface Vlanif10
ip address 10.1.10.33 255.255.255.0
#
interface Vlanif31
ip address 10.1.31.33 255.255.255.0
#
interface Vlanif32
ip address 10.1.32.33 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/6
port link-type access
port default vlan 31
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 32
#
ospf 1
area 0.0.0.0
network 10.1.10.0 0.0.0.255
network 10.1.32.0 0.0.0.255
network 10.1.31.0 0.0.0.255
#
return

6.4.2 SW4 Configuration


#
sysname SW4
#
vlan batch 10 to 14
#
interface Vlanif10
ip address 10.1.10.34 255.255.255.0
#
interface Vlanif13
ip address 10.1.13.34 255.255.255.0
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk pvid vlan 13
port trunk allow-pass vlan 13
#
interface GigabitEthernet0/0/6
port link-type trunk
port trunk allow-pass vlan 13 to 14
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 10
#
ospf 1 router-id 34.34.34.34
area 0.0.0.0
network 10.1.10.0 0.0.0.255
network 10.1.13.0 0.0.0.255
network 10.1.14.0 0.0.0.255
#
return
#

6.4.3 AC Configuration

#
router id 41.41.41.41
#
vlan batch 13 to 14 4090
#
authentication-profile name dot1x_authen_profile
dot1x-access-profile dot1x_access_profile
authentication-scheme radius
accounting-scheme radius
radius-server radius
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
authentication-profile name macportal_authen_profile
#
dot1x-access-profile name dot1x_access_profile
mac-access-profile name mac_access_profile
#
dhcp enable
#
radius-server template default
radius-server template radius
radius-server shared-key cipher Huawei@123
radius-server authentication 10.1.31.78 1812 weight 80
radius-server accounting 10.1.31.78 1813 weight 80
radius-server authorization 10.1.31.78 shared-key cipher Huawei@123
#
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authorization-scheme default
accounting-scheme default
accounting-scheme radius
accounting-mode radius
#
interface Vlanif13
ip address 10.1.13.254 255.255.255.0
dhcp select interface
#
interface Vlanif14
ip address 10.1.14.254 255.255.255.0
dhcp select interface
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 13 to 14
#
interface LoopBack0
ip address 41.41.41.41 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.1.13.0 0.0.0.255
network 10.1.14.0 0.0.0.255
#
capwap source interface vlanif13
#
wlan
traffic-profile name default
security-profile name default
security-profile name default-wds
security wpa2 psk pass-phrase %^%#U9#%Tu'P(2wIMm8Kxx<!~.KEH7LW:7+h!"/UzOeA%^%aes
security-profile name default-mesh
security wpa2 psk pass-phrase %^%#CdsG$Qj:@C}x~S#.5]*Wh8RN*:[r4$"XY]5`A5LP%^%aes
security-profile name development_employee
security wpa2 dot1x aes
ssid-profile name default
ssid-profile name development_employee
ssid development_employee
vap-profile name default
vap-profile name development_employee
forward-mode tunnel
service-vlan vlan-id 14
ssid-profile development_employee
security-profile development_employee
authentication-profile dot1x_authen_profile
wds-profile name default
mesh-handover-profile name default
mesh-profile name default
regulatory-domain-profile name default
regulatory-domain-profile name domain1
air-scan-profile name default
rrm-profile name default
radio-2g-profile name default
radio-5g-profile name default
wids-profile name default
ap-system-profile name default
provision-ap
port-link-profile name default
wired-port-profile name default
ap-group name default
ap-group name ap-group1
regulatory-domain-profile domain1
radio 0
vap-profile development_employee wlan 1
radio 1
vap-profile development_employee wlan 1
ap-id 0 type-id 43 ap-mac 4cfa-cabf-d520 ap-sn 21500826412SG8919936
ap-name ap0
ap-group ap-group1
#
return
#
6.5 Questions

6.5.1 Questions About Wireless 802.1X Authentication


7 MAC Address Authentication in a Wired Environment

7.1 Introduction

7.1.1 About this lab

7.1.2 Objectives



7.1.3 Networking and Service Description

7.1.4 Prerequisites

7.1.5 Experiment Plan


7.2 Configuration Procedure

7.2.1 Configuration Roadmap

7.2.2 Configuration Steps


Step 1

Configure a

[SW4]radius-server template radius


[SW4-radius-radius]radius-server shared-key cipher Huawei@123
[SW4-radius-radius]radius-server authentication 10.1.31.78 1812
[SW4-radius-radius]radius-server accounting 10.1.31.78 1813
[SW4-radius-radius]quit
[SW4]radius-server authorization 10.1.31.78 shared-key cipher Huawei@123

[SW4]aaa
[SW4-aaa]authentication-scheme radius
[SW4-aaa-authen-radius]authentication-mode radius
[SW4-aaa-authen-radius]quit
[SW4-aaa]accounting-scheme radius
[SW4-aaa-accounting-radius]accounting-mode radius
[SW4-aaa-accounting-radius]quit
[SW4-aaa]domain default
[SW4-aaa-domain-default]authentication-scheme radius
[SW4-aaa-domain-default]accounting-scheme radius
[SW4-aaa-domain-default]radius-server radius

[SW4]dot1x authentication-method eap


[SW4]interface GigabitEthernet 0/0/1
[SW4-GigabitEthernet0/0/1]authentication mac-authen

[SW4]authentication free-rule 1 destination ip 10.1.31.78 mask 255.255.255.255

Step 2

[SW4]test-aaa user1 Huawei@123 radius-template radius pap
[SW4]
Info: Account user1 succeed.
7.3 Verification

7.3.1 Authentication on the terminal

PC1>ping 10.1.32.73

Pinging 10.1.32.73 with 32 bytes of data:


Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 10.1.32.73:


Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

PC1>ping 10.1.32.74

Pinging 10.1.32.74 with 32 bytes of data:


Reply from 10.1.32.74: bytes=32 time=4ms TTL=126
Reply from 10.1.32.74: bytes=32 time=1ms TTL=126
Reply from 10.1.32.74: bytes=32 time<1ms TTL=126
Reply from 10.1.32.74: bytes=32 time=1ms TTL=126

Ping statistics for 10.1.32.74:


Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 4ms, Average = 1ms

PC1>ping 10.1.32.75

Pinging 10.1.32.75 with 32 bytes of data:


Reply from 10.1.32.75: bytes=32 time=5ms TTL=126
Reply from 10.1.32.75: bytes=32 time=1ms TTL=126
Reply from 10.1.32.75: bytes=32 time<1ms TTL=126
Reply from 10.1.32.75: bytes=32 time<1ms TTL=126

Ping statistics for 10.1.32.75:


Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 5ms, Average = 1ms

7.3.2 Check the Authorization Result on SW4

[SW4]display access-user
-------------------------------------------------------------
UserID Username IP address MAC Status
-------------------------------------------------------------
34 000c29f0d33e 10.1.11.101 000c-29f0-d33e Success
-------------------------------------------------------------
Total: 1, printed: 1

[SW4]display access-user user-id 34

Basic:
User ID : 34
User name : 000c29f545d8
Domain-name : default
User MAC : 000c-29f5-45d8
User IP address : 10.1.11.101
User vpn-instance : -
User access Interface : GigabitEthernet0/0/1
User vlan event : Success
QinQVlan/UserVlan : 0/11
User access time : 2017/10/13 15:28:22
User accounting session ID : SW400001000000011830694000017
Option82 information : -
User access type : MAC
Terminal Device Type : Data Terminal
Dynamic ACL desc(Effective) :
No. 0: acl 10001 dest-ip 10.1.32.73 dest-ipmask 32 deny
No. 1: acl 10002 dest-ip 10.1.32.74 dest-ipmask 32 permit
No. 2: acl 10003 dest-ip 10.1.32.75 dest-ipmask 32 permit
No. 3: acl 10100 dest-ip 0.0.0.0 dest-ipmask 0 deny
Session Timeout : 1800(s)
Termination Action : RE-AUTHENTICATION

AAA:
User authentication type : MAC authentication
Current authentication method : RADIUS
Current authorization method : -
Current accounting method : RADIUS
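The ping results in 7.3.1 follow directly from the dynamic ACL that the Agile Controller-Campus authorized to the user: 10.1.32.73 is denied, 10.1.32.74 and 10.1.32.75 are permitted, and everything else hits the final deny. As an added example (not code from the lab guide), the following script parses the display access-user user-id output above, evaluates destinations against the rules in first-match order, and reports when the device lists the ACL as anything other than Effective (as the AC does in 6.3.2), so that the predicted decisions are not mistaken for enforced ones.

```python
"""Evaluate the dynamic ACL authorized to an access user.

Added example, not code from the lab guide: it parses the
`display access-user user-id <id>` output and predicts which destinations
the user can reach, matching the ping checks in 7.3.1.
"""
import ipaddress
import re

# Constructed sample: the relevant lines of the SW4 output shown in 7.3.2.
SAMPLE_OUTPUT = """\
Basic:
User ID : 34
User name : 000c29f545d8
Domain-name : default
User IP address : 10.1.11.101
User access type : MAC
Dynamic ACL desc(Effective) :
No. 0: acl 10001 dest-ip 10.1.32.73 dest-ipmask 32 deny
No. 1: acl 10002 dest-ip 10.1.32.74 dest-ipmask 32 permit
No. 2: acl 10003 dest-ip 10.1.32.75 dest-ipmask 32 permit
No. 3: acl 10100 dest-ip 0.0.0.0 dest-ipmask 0 deny
Session Timeout : 1800(s)
"""

STATUS_RE = re.compile(r"Dynamic ACL desc\((\w+)\)")
RULE_RE = re.compile(
    r"No\.\s*(?P<no>\d+):\s*acl\s+(?P<acl>\d+)\s+dest-ip\s+(?P<ip>\S+)"
    r"\s+dest-ipmask\s+(?P<mask>\d+)\s+(?P<action>permit|deny)")
# "Key : Value" lines; the key runs up to the first colon.
FIELD_RE = re.compile(r"^(?P<key>[A-Za-z][^:]*?)\s*:\s*(?P<value>.*)$")


def parse_access_user(text: str) -> dict:
    """Return the scalar fields plus the dynamic ACL status and rule list."""
    info = {"fields": {}, "acl_status": None, "rules": []}
    for raw in text.splitlines():
        line = raw.strip()
        m = STATUS_RE.search(line)
        if m:
            info["acl_status"] = m.group(1)
            continue
        m = RULE_RE.search(line)
        if m:
            info["rules"].append({
                "no": int(m.group("no")),
                "acl": int(m.group("acl")),
                "network": ipaddress.ip_network(
                    f"{m.group('ip')}/{m.group('mask')}", strict=False),
                "action": m.group("action"),
            })
            continue
        m = FIELD_RE.match(line)
        if m:
            info["fields"][m.group("key").strip()] = m.group("value").strip()
    return info


def lookup(rules: list, destination: str):
    """First matching rule wins, in the order the device lists them.
    Returns (action, acl number), or (None, None) if nothing matched."""
    addr = ipaddress.ip_address(destination)
    for rule in sorted(rules, key=lambda r: r["no"]):
        if addr in rule["network"]:
            return rule["action"], rule["acl"]
    return None, None


def reachability(text: str, destinations: list) -> dict:
    """Map each destination to permit/deny. 'enforced' is False whenever the
    device reports the ACL as something other than Effective, in which case
    the decisions describe the authorized policy, not the forwarding result."""
    info = parse_access_user(text)
    result = {
        "user": info["fields"].get("User name"),
        "enforced": info["acl_status"] == "Effective",
        "decisions": {},
    }
    for dest in destinations:
        action, _acl = lookup(info["rules"], dest)
        result["decisions"][dest] = action
    return result


if __name__ == "__main__":
    targets = ["10.1.32.73", "10.1.32.74", "10.1.32.75", "10.1.31.78"]
    print(reachability(SAMPLE_OUTPUT, targets))
```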

7.3.3 Check User Authentication Information on the Agile Controller-Campus
7.4 Reference Configuration

7.4.1 SW3 Configuration


#
sysname SW3
#
vlan batch 10 31 to 32
#
interface Vlanif10
ip address 10.1.10.33 255.255.255.0
#
interface Vlanif31
ip address 10.1.31.33 255.255.255.0
#
interface Vlanif32
ip address 10.1.32.33 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/6
port link-type access
port default vlan 31
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 32
#
ospf 1 router-id 33.33.33.33
area 0.0.0.0
network 10.1.10.0 0.0.0.255
network 10.1.31.0 0.0.0.255
network 10.1.32.0 0.0.0.255

7.4.2 SW4 Configuration


#
sysname SW4
#
dot1x authentication-method eap
#
radius-server template radius
radius-server shared-key cipher Huawei@123
radius-server authentication 10.1.31.78 1812 weight 80
radius-server accounting 10.1.31.78 1813 weight 80
radius-server authorization 10.1.31.78 shared-key cipher Huawei@123
#
aaa
authentication-scheme radius
authentication-mode radius
accounting-scheme radius
accounting-mode radius
domain default
authentication-scheme radius
accounting-scheme radius
radius-server radius
#
interface Vlanif10
ip address 10.1.10.34 255.255.255.0
#
interface Vlanif11
ip address 10.1.11.34 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 11
authentication mac-authen
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 10
#
ospf 1 router-id 34.34.34.34
area 0.0.0.0
network 10.1.10.0 0.0.0.255
network 10.1.11.0 0.0.0.255
#
authentication free-rule 1 destination ip 10.1.31.78 mask 255.255.255.255
#

7.5 Questions

7.5.1 Questions About Wired MAC Address Authentication



8 MAC Address Authentication in a Wireless Environment

8.1 Introduction

8.1.1 About this lab

8.1.2 Objectives



8.1.3 Networking and Service Description

8.1.4 Prerequisites

8.1.5 Experiment Plan


8.2 Configuration Procedure

8.2.1 Configuration Roadmap

8.2.2 Configuration Steps


Step 1

[SW4]vlan batch 13 to 14
[SW4]interface GigabitEthernet0/0/5
[SW4-GigabitEthernet0/0/5]port link-type trunk
[SW4-GigabitEthernet0/0/5]port trunk pvid vlan 13
[SW4-GigabitEthernet0/0/5]port trunk allow-pass vlan 13
[SW4-GigabitEthernet0/0/5]quit
[SW4]interface GigabitEthernet0/0/6
[SW4-GigabitEthernet0/0/6]port link-type trunk
[SW4-GigabitEthernet0/0/6]port trunk allow-pass vlan 13 to 14
[SW4]interface Vlanif13
[SW4-Vlanif13]ip address 10.1.13.34 255.255.255.0

Step 2

[AC6005]vlan batch 13 to 14
[AC6005]interface GigabitEthernet0/0/1
[AC6005-GigabitEthernet0/0/1]port link-type trunk
[AC6005-GigabitEthernet0/0/1]port trunk allow-pass vlan 13 to 14
[AC6005]interface Vlanif13
[AC6005-Vlanif13]ip address 10.1.13.254 255.255.255.0
[AC6005]interface Vlanif14
[AC6005-Vlanif14]ip address 10.1.14.254 255.255.255.0

[AC6005]ospf 1
[AC6005-ospf-1]area 0
[AC6005-ospf-1-area-0.0.0.0]network 10.1.13.0 0.0.0.255
[AC6005-ospf-1-area-0.0.0.0]network 10.1.14.0 0.0.0.255

[AC6005]dhcp enable
[AC6005]interface Vlanif13
[AC6005-Vlanif13]dhcp select interface
[AC6005]interface Vlanif14
[AC6005-Vlanif14]dhcp select interface

[AC6005]display port vlan


Port Link Type PVID Trunk VLAN List
--------------------------------------------------------------
GigabitEthernet0/0/1 trunk 1 1 13-14
GigabitEthernet0/0/2 hybrid 1 -
GigabitEthernet0/0/3 hybrid 1 -
GigabitEthernet0/0/4 hybrid 1 -
GigabitEthernet0/0/5 hybrid 1 -
GigabitEthernet0/0/6 hybrid 1 -

[AC6005]display ip interface brief


*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(E): E-Trunk down
The number of interface that is UP in Physical is 6
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 6
The number of interface that is DOWN in Protocol is 0

Interface IP Address/Mask Physical Protocol


LoopBack0 41.41.41.41/32 up up(s)
NULL0 unassigned up up(s)
Vlanif1 169.254.1.1/16 up up
Vlanif13 10.1.13.254/24 up up
Vlanif14 10.1.14.254/24 up up

<AC6005>ping 10.1.31.78
PING 10.1.31.78: 56 data bytes, press CTRL_C to break
Reply from 10.1.31.78: bytes=56 Sequence=1 ttl=126 time=1 ms
Reply from 10.1.31.78: bytes=56 Sequence=2 ttl=126 time=1 ms
Reply from 10.1.31.78: bytes=56 Sequence=3 ttl=126 time=1 ms
Reply from 10.1.31.78: bytes=56 Sequence=4 ttl=126 time=1 ms
Reply from 10.1.31.78: bytes=56 Sequence=5 ttl=126 time=1 ms

--- 10.1.31.78 ping statistics ---


5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms

[AC6005]wlan
[AC6005-wlan-view]regulatory-domain-profile name domain1
[AC6005-wlan-regulatory-domain-prof-domain1]country-code CN
[AC6005-wlan-regulatory-domain-prof-domain1]quit
[AC6005-wlan-view]quit

[AC6005]wlan
[AC6005-wlan-view]ap-group name ap-group1
[AC6005-wlan-ap-group-ap-group1]regulatory-domain-profile domain1
Warning: Modifying the country code will clear channel, power and antenna
gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC6005-wlan-ap-group-ap-group1]quit

[AC6005]capwap source interface vlanif 13

[AC6005]wlan
[AC6005-wlan-view]ap auth-mode mac-auth
[AC6005-wlan-view]ap-mac 4cfa-cabf-d520 ap-id 0 ap-sn 21500826412SG8919936
Warning: This operation maybe cause AP reset. If the country code changes, it
will clear channel, power and antenna gain configurations of the radio,
Whether to continue? [Y/N]y
[AC6005-wlan-ap-0]ap-group ap-group1
[AC6005-wlan-ap-0]ap-name ap0

<AC6005>display ap all
Total AP information:
nor : normal [1]
-----------------------------------------------------------------------------
ID MAC Name Group IP Type State STA Uptime
-----------------------------------------------------------------------------
0 4cfa-cabf-d520 ap0 ap-group1 10.1.13.253 AP4030DN nor 0 12S
-----------------------------------------------------------------------------

[AC6005-wlan-view]security-profile name mac_access


[AC6005-wlan-sec-prof-mac_access]quit

[AC6005-wlan-view]ssid-profile name mac_access


[AC6005-wlan-ssid-prof-mac_access]ssid mac_access
Warning: This action may cause service interruption. Continue?[Y/N]y

[AC6005-wlan-view]vap-profile name mac_access


[AC6005-wlan-vap-prof-mac_access]forward-mode tunnel
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC6005-wlan-vap-prof-mac_access]service-vlan vlan-id 14
[AC6005-wlan-vap-prof-mac_access]security-profile mac_access
[AC6005-wlan-vap-prof-mac_access]ssid-profile mac_access

[AC6005-wlan-view]ap-group name ap-group1


[AC6005-wlan-ap-group-ap-group1]vap-profile mac_access wlan 2 radio all

<AC6005>display vap ssid mac_access
WID : WLAN ID
-----------------------------------------------------------------------------
AP ID  AP name  RfID  WID  SSID        BSSID           Status  Auth type  STA
-----------------------------------------------------------------------------
0      ap0      0     2    mac_access  4CFA-CABF-D521  ON      Open+MAC   0
0      ap0      1     2    mac_access  4CFA-CABF-D531  ON      Open+MAC   0
-----------------------------------------------------------------------------

[AC6005]radius-server template radius


[AC6005-radius-radius]radius-server authentication 10.1.31.78 1812
[AC6005-radius-radius]radius-server accounting 10.1.31.78 1813
[AC6005-radius-radius]radius-server shared-key cipher Huawei@123
[AC6005-radius-radius]radius-server user-name original
[AC6005]radius-server authorization 10.1.31.78 shared-key cipher Huawei@123

[AC6005]aaa
[AC6005-aaa]authentication-scheme radius
[AC6005-aaa-authen-radius]authentication-mode radius
[AC6005-aaa]accounting-scheme radius
[AC6005-aaa-accounting-radius]accounting-mode radius

[AC6005]authentication-profile name mac_authen_profile


[AC6005-authentication-profile-mac_authen_profile]quit

[AC6005]authentication-profile name mac_authen_profile


[AC6005-authentication-profile-mac_authen_profile]mac-access-profile mac_access_profile
[AC6005-authentication-profile-mac_authen_profile]authentication-scheme radius
[AC6005-authentication-profile-mac_authen_profile]accounting-scheme radius
[AC6005-authentication-profile-mac_authen_profile]radius-server radius
[AC6005-wlan-view]vap-profile name mac_access
[AC6005-wlan-vap-prof-mac_access]authentication-profile mac_authen_profile
Warning: This action may cause service interruption. Continue?[Y/N]y

Step 3

[AC6005]test-aaa user1 Admin@123 radius-template radius pap


Info: Account test succeed.
8.3 Verification

8.3.1 Authentication on the terminal


8.3.2 Check User Authentication Information on the AC

<AC6005>display mac-authen
Quiet period is 60s
Authentication fail times before quiet is 1
Maximum users: 2048
Current users: 1
Global default domain is default

Wlan-Dbss0 state: UP. MAC address authentication is enabled


Reauthentication is disabled
Current users: 1
Authentication Success: 1, Failure: 0

Online user(s) info:


UserId MAC/VLAN AccessTime UserName
----------------------------------------------------------------------------
30 3c91-57ae-fcb9/14 2017/10/16 18:12:11 3c9157aefcb9
----------------------------------------------------------------------------
Total: 1, printed: 1

Wlan-Dbss1 state: UP. MAC address authentication is enabled


Reauthentication is disabled
Current users: 0
Authentication Success: 0, Failure: 0

<AC6005>display access-user user-id 30


Basic:
User ID : 30
User name : 3c9157aefcb9
User MAC : 3c91-57ae-fcb9
User IP address : 10.1.14.253
User IPv6 address : -
User access Interface : Wlan-Dbss0
User vlan event : Success
QinQVlan/UserVlan : 0/14
User access time : 2017/10/16 18:12:11
User accounting session ID : AC6005000000000000144bcb3d000030
Option82 information : -
User access type : MAC
AP name : ap0
Radio ID : 0
AP MAC : 4cfa-cabf-d520
SSID : mac_access
Online time : 103(s)

AAA:
User authentication type : MAC authentication
Current authentication method : RADIUS
Current authorization method : -
Current accounting method : RADIUS

8.3.3 Check User Authentication Information on the Agile Controller-Campus
8.4 Reference Configuration

8.4.1 SW3 Configuration


#
sysname SW3
#
vlan batch 10 31 to 32
#
interface Vlanif10
ip address 10.1.10.33 255.255.255.0
#
interface Vlanif31
ip address 10.1.31.33 255.255.255.0
#
interface Vlanif32
ip address 10.1.32.33 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/6
port link-type access
port default vlan 31
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 32
#
ospf 1
area 0.0.0.0
network 10.1.10.0 0.0.0.255
network 10.1.32.0 0.0.0.255
network 10.1.31.0 0.0.0.255
#
return

8.4.2 SW4 Configuration


#
sysname SW4
#
vlan batch 10 to 14
#
interface Vlanif10
ip address 10.1.10.34 255.255.255.0
#
interface Vlanif13
ip address 10.1.13.34 255.255.255.0
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk pvid vlan 13
port trunk allow-pass vlan 13
#
interface GigabitEthernet0/0/6
port link-type trunk
port trunk allow-pass vlan 13 to 14
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 10
#
ospf 1 router-id 34.34.34.34
area 0.0.0.0
network 10.1.10.0 0.0.0.255
network 10.1.13.0 0.0.0.255
network 10.1.14.0 0.0.0.255
#
return

8.4.3 AC Configuration

#
sysname AC
#
router id 41.41.41.41
#
vlan batch 13 to 14 4090
#
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
mac-access-profile mac_access_profile
authentication-scheme radius
accounting-scheme radius
radius-server radius
authentication-profile name portal_authen_profile
authentication-profile name macportal_authen_profile
#
dot1x-access-profile name dot1x_access_profile
mac-access-profile name mac_access_profile
#
dhcp enable
#
diffserv domain default
#
radius-server template default
radius-server template radius
radius-server shared-key cipher Huawei@123
radius-server authentication 10.1.31.78 1812 weight 80
radius-server accounting 10.1.31.78 1813 weight 80
radius-server authorization 10.1.31.78 shared-key cipher Huawei@123
#
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authorization-scheme default
accounting-scheme default
accounting-scheme radius
accounting-mode radius
domain default
domain default_admin
local-user admin password irreversible-cipher %^%#FX&{Uzh&dL*+oBZAZ.YP,NR#:-Q}PM!6yk62R^B&$K]}%\oh=Cl@6v!dP#&>%^%#
local-user admin privilege level 15
local-user admin service-type telnet terminal ssh http
#
interface Vlanif13
ip address 10.1.13.254 255.255.255.0
dhcp select interface
#
interface Vlanif14
ip address 10.1.14.254 255.255.255.0
dhcp select interface
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 13 to 14
#
interface LoopBack0
ip address 41.41.41.41 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.1.13.0 0.0.0.255
network 10.1.14.0 0.0.0.255
#
capwap source interface vlanif13
#
wlan
traffic-profile name default
security-profile name default
security-profile name default-wds
security wpa2 psk pass-
phrase %^%#U9#%Tu'P(2wIMm8Kxx<!~.KEH7LW:7+h!"/UzOeA%^%aes
security-profile name default-mesh
security wpa2 psk pass-
phrase %^%#CdsG$Qj:@C}x~S#.5]*Wh8RN*:[r4$"XY]5`A5LP%^%aes
security-profile name mac_access
ssid-profile name default
ssid-profile name mac_access
ssid mac_access
vap-profile name default
vap-profile name mac_access
forward-mode tunnel
service-vlan vlan-id 14
ssid-profile mac_access
security-profile mac_access
authentication-profile mac_authen_profile
wds-profile name default
mesh-handover-profile name default
mesh-profile name default
regulatory-domain-profile name default
regulatory-domain-profile name domain1
air-scan-profile name default
rrm-profile name default
radio-2g-profile name default
radio-5g-profile name default
wids-profile name default
ap-system-profile name default
provision-ap
port-link-profile name default
wired-port-profile name default
ap-group name default
ap-group name ap-group1
regulatory-domain-profile domain1
radio 1
vap-profile development_employee wlan 1
vap-profile mac_access wlan 2
ap-id 0 type-id 43 ap-mac 4cfa-cabf-d520 ap-sn 21500826412SG8919936
ap-name ap0
ap-group ap-group1
#
return

8.5 Questions

8.5.1 Questions About Wireless MAC Address Authentication


9 Hardware SACG Authentication

9.1 Introduction

9.1.1 About this lab

9.1.2 Objectives



9.1.3 Networking and Service Description

9.1.4 Prerequisites

9.1.5 Experiment Plan


9.2 Configuration Procedure

9.2.1 Configuration Roadmap

9.2.2 Configuration Steps


Step 1

[SW3]acl 2000
[SW3-acl-basic-2000]rule 5 permit source 10.1.11.0 0.0.0.255

[SW3]interface GigabitEthernet 0/0/1


[SW3-GigabitEthernet0/0/1]traffic-redirect inbound acl 2000 ip-nexthop 10.1.21.13

Step 2
Step 3
9.3 Verification

9.3.1 Authentication on the terminal


9.3.2 Check the Authorization Result on FW3

<FW3>display right-manager online-users


2017-10-16 11:16:05.370 +08:00
User name : user1
Ip address : 10.1.11.101
ServerIp : 10.1.31.78
Login time : 11:03:20 2017/10/16 ( Hour:Minute:Second Year/Month/Day)
-----------------------------------------
Role id Role name
1 DefaultDeny
6 Permit_1
255 Last
-----------------------------------------

<FW3>display right-manager role-id 6 rule


2017-10-16 11:16:25.450 +08:00
Advanced ACL 0, 2 rules ( Reference counter 0 )
Acl's step is 1
rule 1 permit ip destination 10.1.32.74 0 (0 times matched)
rule 2 permit ip destination 10.1.32.75 0 (0 times matched)

9.3.3 Check User Authentication Information on the Agile Controller-Campus
9.4 Reference Configuration

9.4.1 SW3 Configuration


#
sysname SW3
#
vlan batch 10 20 to 21 31 to 33 40 50
#
acl number 2000
rule 5 permit source 10.1.11.0 0.0.0.255
#

interface Vlanif10
ip address 10.1.10.33 255.255.255.0
#
interface Vlanif20
ip address 10.1.20.33 255.255.255.0
#
interface Vlanif21
ip address 10.1.21.33 255.255.255.0
#
interface Vlanif31
ip address 10.1.31.33 255.255.255.0
#
interface Vlanif32
ip address 10.1.32.33 255.255.255.0
#
interface Vlanif33
ip address 10.1.33.33 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
traffic-redirect inbound acl 2000 ip-nexthop 10.1.21.13
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 21
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/6
port link-type access
port default vlan 31
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 32
#
interface GigabitEthernet0/0/8
port link-type access
port default vlan 33
#
ospf 1 router-id 33.33.33.33
area 0.0.0.0
network 10.1.10.0 0.0.0.255
network 10.1.31.0 0.0.0.255
network 10.1.32.0 0.0.0.255
network 10.1.33.0 0.0.0.255

9.4.2 SW4 Configuration


#
sysname SW4
#
interface Vlanif10
ip address 10.1.10.34 255.255.255.0
#
interface Vlanif11
ip address 10.1.11.34 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 11
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 10
#
ospf 1 router-id 34.34.34.34
area 0.0.0.0
network 10.1.10.0 0.0.0.255
network 10.1.11.0 0.0.0.255
#

9.4.3 FW3 Configuration


#
sysname FW3
#
undo firewall session link-state check
undo firewall ipv6 session link-state check
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.1.20.13 255.255.255.0
link-group 1
undo service-manage enable
#
interface GigabitEthernet1/0/1
undo shutdown
ip address 10.1.21.13 255.255.255.0
link-group 1
undo service-manage enable
#
firewall zone trust
set priority 85
add interface GigabitEthernet1/0/0
#
firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/1
#
firewall interzone trust untrust
apply packet-filter right-manager inbound
#
ip route-static 0.0.0.0 0.0.0.0 10.1.20.33
#
right-manager server-group
default acl 3099
server ip 10.1.31.78 port 3288 shared-key Huawei@123
right-manager server-group enable
right-manager status-detect enable
local ip 10.1.20.13
right-manager authentication url http://10.1.31.78:8084/newauth
#
security-policy
rule name FW3_to_controller
source-zone local
destination-zone trust
source-address 10.1.20.13 mask 255.255.255.255
destination-address 10.1.31.78 mask 255.255.255.255
action permit
rule name FW3_to_users
source-zone local
source-zone trust
destination-zone untrust
action permit
#

9.5 Questions

9.5.1 Questions About Hardware SACG Authentication


10 Software SACG Authentication

10.1 Introduction

10.1.1 About this lab


10.1.2 Objectives



10.1.3 Networking and Service Description

10.1.4 Prerequisites

10.1.5 Experiment Plan


10.2 Configuration Procedure

10.2.1 Configuration Roadmap

10.2.2 Configuration Steps


Step 1
10.3 Verification

10.3.1 Authentication on the terminal


10.3.2 Check User Authentication Information on the Agile Controller-Campus
10.4 Reference Configuration

10.4.1 SW3 Configuration


#
sysname SW3
#
vlan batch 10 31 to 33
#
interface Vlanif10
ip address 10.1.10.33 255.255.255.0
#
interface Vlanif31
ip address 10.1.31.33 255.255.255.0
#
interface Vlanif32
ip address 10.1.32.33 255.255.255.0
#
interface Vlanif33
ip address 10.1.33.33 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/6
port link-type access
port default vlan 31
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 32
#
interface GigabitEthernet0/0/8
port link-type access
port default vlan 33
#
ospf 1 router-id 33.33.33.33
area 0.0.0.0
network 10.1.10.0 0.0.0.255
network 10.1.31.0 0.0.0.255
network 10.1.32.0 0.0.0.255
network 10.1.33.0 0.0.0.255

10.4.2 SW4 Configuration


#
sysname SW4
#
interface Vlanif10
ip address 10.1.10.34 255.255.255.0
#
interface Vlanif11
ip address 10.1.11.34 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 11
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 10
#
ospf 1 router-id 34.34.34.34
area 0.0.0.0
network 10.1.10.0 0.0.0.255
network 10.1.11.0 0.0.0.255
#
10.5 Questions

10.5.1 Questions About Software SACG Authentication


11 Portal Authentication in a Wired Environment

11.1 Introduction

11.1.1 About this lab

11.1.2 Objectives



11.1.3 Networking and Service Description

11.1.4 Prerequisites

11.1.5 Experiment Plan


11.2 Configuration Procedure

11.2.1 Configuration Roadmap

11.2.2 Configuration Steps


Step 1

[SW4]radius-server template radius


[SW4-radius-radius]radius-server shared-key cipher Huawei@123
[SW4-radius-radius]radius-server authentication 10.1.31.78 1812
[SW4-radius-radius]radius-server accounting 10.1.31.78 1813
[SW4-radius-radius]quit
[SW4]radius-server authorization 10.1.31.78 shared-key cipher Huawei@123

[SW4]aaa
[SW4-aaa]authentication-scheme radius
[SW4-aaa-authen-radius]authentication-mode radius
[SW4-aaa-authen-radius]quit
[SW4-aaa]accounting-scheme radius
[SW4-aaa-accounting-radius]accounting-mode radius
[SW4-aaa-accounting-radius]quit
[SW4-aaa]domain default
[SW4-aaa-domain-default]authentication-scheme radius
[SW4-aaa-domain-default]accounting-scheme radius
[SW4-aaa-domain-default]radius-server radius
[SW4]web-auth-server portal_auth
[SW4-web-auth-server-portal_auth]server-ip 10.1.31.78
[SW4-web-auth-server-portal_auth]port 50200
[SW4-web-auth-server-portal_auth]shared-key cipher Huawei@123
[SW4-web-auth-server-portal_auth]url http://10.1.31.78:8080/portal

[SW4]interface GigabitEthernet 0/0/1


[SW4-GigabitEthernet0/0/1]authentication portal
[SW4-GigabitEthernet0/0/1]web-auth-server portal_auth direct

[SW4]authentication free-rule 1 destination ip 10.1.31.78 mask 255.255.255.255

<SW4>display radius-server configuration


----------------------------------------------------------------------------
Server-template-name : radius
Protocol-version : standard
Traffic-unit : B
Shared-secret-key : %^%#Tw!jE-"oyO8z"Q2Xe{F'm%_i3hpJnT6g8h-Bli)3%^%#
Timeout-interval(in second) : 5
Retransmission : 3
EndPacketSendTime : 3
Dead time(in minute) : 5
Domain-included : Original
NAS-IP-Address : 0.0.0.0
Calling-station-id MAC-format : xxxx-xxxx-xxxx
Service-type : -
NAS-IPv6-Address : ::
Server algorithm : master-backup
Authentication Server 1 : 10.1.31.78 Port:1812 Weight:80
Vrf:- LoopBack:NULL
Source IP: ::
Accounting Server 1 : 10.1.31.78 Port:1813 Weight:80
Vrf:- LoopBack:NULL
Source IP: ::
----------------------------------------------------------------------------
Total of radius template :1

<SW4>display web-auth-server configuration


Listening port : 2000
Portal : version 1, version 2
Include reply message : enabled

-----------------------------------------------------------------------------
Web-auth-server Name : portal_auth
IP-address : 10.1.31.78
Shared-key : %^%#;,K8.wry`4cx/q"WEMv,zFxV2rq#J2._"w$|lHJI%^%
Source-IP : -
Port / PortFlag : 50200 / NO
URL : http://10.1.31.78:8080/portal
URL Template :
Redirection : Enable
Sync : Disable
Sync Seconds : 0
Sync Max-times : 0
Detect : Disable
Detect Seconds : 60
Detect Max-times : 3
Detect Critical-num : 0
Detect Action :
Bound Vlanif :
VPN Instance :
Bound Interface :
Bound L2 Interface : GigabitEthernet0/0/1
-----------------------------------------------------------------------------
1 Web authentication server(s) in total

Step 2

[SW4]test-aaa user1 Huawei@123 radius-template radius pap
[SW4]
Info: Account user1 succeed.
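The `test-aaa` check above drives a real PAP Access-Request/Access-Accept exchange against the controller, keyed with the shared key configured in the RADIUS template. The following Python is an added example, not from this lab guide and not Huawei code: it models both ends of that exchange as RFC 2865 defines them, hiding the password with the MD5-XOR scheme, checking the Response Authenticator on the NAS side, and showing what a shared-key mismatch looks like (the server cannot recover the password and the NAS cannot verify the reply, so there is never a clean "wrong password" result). The user store, the NAS address 10.1.10.34 and the packet identifier are this example's own constructed values.

```python
import hashlib
import hmac
import os
import socket
import struct

# RFC 2865 packet codes and the attribute types this model uses
ACCESS_REQUEST, ACCESS_ACCEPT, ACCESS_REJECT = 1, 2, 3
USER_NAME, USER_PASSWORD, NAS_IP_ADDRESS = 1, 2, 4

# Constructed stand-in for the controller's user store (user1 / Huawei@123 as in the lab)
USERS = {b"user1": b"Huawei@123"}


def hide_password(password: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """RFC 2865 section 5.2: pad to a 16-byte multiple (max 128 bytes), then
    c1 = p1 XOR MD5(secret + RequestAuth), ci = pi XOR MD5(secret + c(i-1)).
    This is obfuscation keyed only by the shared secret, not encryption."""
    if not 0 < len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    padded = password + b"\x00" * (-len(password) % 16)
    out, prev = b"", request_auth
    for i in range(0, len(padded), 16):
        key = hashlib.md5(secret + prev).digest()
        block = bytes(a ^ b for a, b in zip(padded[i:i + 16], key))
        out, prev = out + block, block
    return out


def unhide_password(hidden: bytes, secret: bytes, request_auth: bytes) -> bytes:
    """Inverse of hide_password; the MD5 chain walks the ciphertext blocks.
    Trailing NUL padding is stripped (so a password cannot end in NUL)."""
    out, prev = b"", request_auth
    for i in range(0, len(hidden), 16):
        key = hashlib.md5(secret + prev).digest()
        block = hidden[i:i + 16]
        out, prev = out + bytes(a ^ b for a, b in zip(block, key)), block
    return out.rstrip(b"\x00")


def _attr(kind: int, value: bytes) -> bytes:
    return struct.pack("!BB", kind, len(value) + 2) + value


def _packet(code: int, ident: int, authenticator: bytes, attrs: bytes) -> bytes:
    return struct.pack("!BBH", code, ident, 20 + len(attrs)) + authenticator + attrs


def build_access_request(ident, username, password, secret, nas_ip, request_auth=None):
    """What the NAS emits for `test-aaa <user> <password> radius-template ... pap`."""
    ra = request_auth or os.urandom(16)          # Request Authenticator: 16 random bytes
    attrs = (_attr(USER_NAME, username)
             + _attr(USER_PASSWORD, hide_password(password, secret, ra))
             + _attr(NAS_IP_ADDRESS, socket.inet_aton(nas_ip)))
    return _packet(ACCESS_REQUEST, ident, ra, attrs)


def parse_attrs(packet: bytes) -> dict:
    """Attribute TLVs after the 20-byte header; rejects short or overrunning lengths."""
    attrs, pos, length = {}, 20, struct.unpack("!H", packet[2:4])[0]
    while pos + 2 <= length:
        kind, alen = packet[pos], packet[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("malformed RADIUS attribute")
        attrs[kind] = packet[pos + 2:pos + alen]
        pos += alen
    return attrs


def build_response(code, ident, request_auth, secret, attrs=b""):
    """Response Authenticator = MD5(Code+ID+Length + RequestAuth + Attributes + Secret)."""
    header = struct.pack("!BBH", code, ident, 20 + len(attrs))
    resp_auth = hashlib.md5(header + request_auth + attrs + secret).digest()
    return header + resp_auth + attrs


def verify_response(packet, request_auth, secret) -> bool:
    """NAS-side check; a reply failing this is silently discarded by a real NAS."""
    length = struct.unpack("!H", packet[2:4])[0]
    expected = hashlib.md5(packet[:4] + request_auth + packet[20:length] + secret).digest()
    return hmac.compare_digest(packet[4:20], expected)


def radius_server(request: bytes, secret: bytes) -> bytes:
    """Server side: unhide the password with *its* copy of the shared key and decide."""
    ident, ra = request[1], request[4:20]
    attrs = parse_attrs(request)
    password = unhide_password(attrs.get(USER_PASSWORD, b""), secret, ra)
    code = ACCESS_ACCEPT if USERS.get(attrs.get(USER_NAME)) == password else ACCESS_REJECT
    return build_response(code, ident, ra, secret)


def simulate_test_aaa(username, password, nas_secret, server_secret, nas_ip="10.1.10.34"):
    """Returns (server decision, whether the NAS could verify the reply)."""
    request = build_access_request(7, username, password, nas_secret, nas_ip)
    reply = radius_server(request, server_secret)
    decision = "accept" if reply[0] == ACCESS_ACCEPT else "reject"
    return decision, verify_response(reply, request[4:20], nas_secret)


if __name__ == "__main__":
    print(simulate_test_aaa(b"user1", b"Huawei@123", b"Huawei@123", b"Huawei@123"))
    print(simulate_test_aaa(b"user1", b"Huawei@123", b"Huawei@123", b"Other@123"))
```

Running the file prints `('accept', True)` for matching keys and `('reject', False)` when the two ends disagree on the key. Because User-Password is only XOR-masked with MD5 of the shared secret, the strength of `radius-server shared-key` is the only thing protecting the lab password on the path from SW4 to the controller.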

Step 3
11.3 Verification

11.3.1 Authentication on the terminal


11.3.2 Check the Authorization Result on SW4

<SW4>display access-user
----------------------------------------------------------------------------
UserID Username IP address MAC Status
----------------------------------------------------------------------------
42 1832034456 10.1.11.101 000c-29f5-45d8 Success
----------------------------------------------------------------------------
Total: 1, printed: 1

<SW4>display access-user user-id 42


Basic:
User ID : 42
User name : 1832034456
Domain-name : default
User MAC : 000c-29f5-45d8
User IP address : 10.1.11.101
User vpn-instance : -
User access Interface : GigabitEthernet0/0/1
User vlan event : Success
QinQVlan/UserVlan : 0/11
User access time : 2017/10/16 19:29:15
User accounting session ID : SW40000100000001147708d000117
Option82 information : -
User access type : WEB
Terminal Device Type : Data Terminal
Web-server IP address : 10.1.31.78
Dynamic ACL desc(Effective) :
No. 0: acl 10001 dest-ip 10.1.92.80 dest-ipmask 32 permit
No. 1: acl 10100 dest-ip 0.0.0.0 dest-ipmask 0 deny

AAA:
User authentication type : WEB authentication
Current authentication method : RADIUS
Current authorization method : -
Current accounting method : RADIUS

11.3.3 Check User Authentication Information on the Agile


Controller-Campus
11.4 Reference Configuration

11.4.1 SW3 Configuration


#
sysname SW3
#
vlan batch 10 31 to 32
#
interface Vlanif10
ip address 10.1.10.33 255.255.255.0
#
interface Vlanif31
ip address 10.1.31.33 255.255.255.0
#
interface Vlanif32
ip address 10.1.32.33 255.255.255.0

interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/6
port link-type access
port default vlan 31

interface GigabitEthernet0/0/7
port link-type access
port default vlan 32
#
ospf 1 router-id 33.33.33.33
area 0.0.0.0
network 10.1.10.0 0.0.0.255
network 10.1.31.0 0.0.0.255
network 10.1.32.0 0.0.0.255

11.4.2 SW4 Configuration


#
sysname SW4
#
dot1x authentication-method eap
#
radius-server template radius
radius-server shared-key cipher Huawei@123
radius-server authentication 10.1.31.79 1812 weight 80
radius-server accounting 10.1.31.79 1813 weight 80
radius-server authorization 10.1.31.79 shared-key cipher Huawei@123

web-auth-server portal_auth
server-ip 10.1.31.79
port 50200
shared-key cipher Huawei@123
url http://10.1.31.79:8080/portal
#
aaa
authentication-scheme radius
authentication-mode radius
accounting-scheme radius
accounting-mode radius
domain default
authentication-scheme radius
accounting-scheme radius
radius-server radius
#
interface Vlanif10
ip address 10.1.10.34 255.255.255.0
#
interface Vlanif11
ip address 10.1.11.34 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 11
authentication portal
web-auth-server portal_auth direct
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 10
#
ospf 1 router-id 34.34.34.34
area 0.0.0.0
network 10.1.10.0 0.0.0.255
network 10.1.11.0 0.0.0.255
#
authentication free-rule 1 destination ip 10.1.31.79 mask 255.255.255.255
#

11.5 Questions

11.5.1 Questions About Wired Portal Authentication


12 Portal Authentication in a Wireless
Environment

12.1 Introduction

12.1.1 About this lab

12.1.2 Objectives



12.1.3 Networking and Service Description

12.1.4 Prerequisites

12.1.5 Experiment Plan


12.2 Configuration Procedure

12.2.1 Configuration Roadmap

12.2.2 Configuration Steps


Step 1

[SW4]vlan batch 13 to 14
[SW4]interface GigabitEthernet0/0/5
[SW4-GigabitEthernet0/0/5]port link-type trunk
[SW4-GigabitEthernet0/0/5]port trunk pvid vlan 13
[SW4-GigabitEthernet0/0/5]port trunk allow-pass vlan 13
[SW4-GigabitEthernet0/0/5]quit
[SW4]interface GigabitEthernet0/0/6
[SW4-GigabitEthernet0/0/6]port link-type trunk
[SW4-GigabitEthernet0/0/6]port trunk allow-pass vlan 13 to 14

[SW4]interface Vlanif13
[SW4-Vlanif13]ip address 10.1.13.34 255.255.255.0

Step 2
[AC6005]vlan batch 13 to 14
[AC6005]interface GigabitEthernet0/0/1
[AC6005-GigabitEthernet0/0/1]port link-type trunk
[AC6005-GigabitEthernet0/0/1]port trunk allow-pass vlan 13 to 14
[AC6005]interface Vlanif13
[AC6005-Vlanif13]ip address 10.1.13.254 255.255.255.0
[AC6005]interface Vlanif14
[AC6005-Vlanif14]ip address 10.1.14.254 255.255.255.0

[AC6005]ospf 1
[AC6005-ospf-1]area 0
[AC6005-ospf-1-area-0.0.0.0]network 10.1.13.0 0.0.0.255
[AC6005-ospf-1-area-0.0.0.0]network 10.1.14.0 0.0.0.255

[AC6005]interface Vlanif13
[AC6005-Vlanif13]dhcp select interface
[AC6005]interface Vlanif14
[AC6005-Vlanif14]dhcp select interface

[AC6005]display port vlan


Port Link Type PVID Trunk VLAN List
--------------------------------------------------------------
GigabitEthernet0/0/1 trunk 1 1 13-14
GigabitEthernet0/0/2 hybrid 1 -
GigabitEthernet0/0/3 hybrid 1 -
GigabitEthernet0/0/4 hybrid 1 -
GigabitEthernet0/0/5 hybrid 1 -
GigabitEthernet0/0/6 hybrid 1 -

[AC6005]display ip interface brief


*down: administratively down
^down: standby
(l): loopback
(s): spoofing
(E): E-Trunk down
The number of interface that is UP in Physical is 6
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 6
The number of interface that is DOWN in Protocol is 0

Interface IP Address/Mask Physical Protocol


LoopBack0 41.41.41.41/32 up up(s)
NULL0 unassigned up up(s)
Vlanif1 169.254.1.1/16 up up
Vlanif13 10.1.13.254/24 up up
Vlanif14 10.1.14.254/24 up up

<AC6005>ping 10.1.31.79
PING 10.1.31.79: 56 data bytes, press CTRL_C to break
Reply from 10.1.31.79: bytes=56 Sequence=1 ttl=126 time=1 ms
Reply from 10.1.31.79: bytes=56 Sequence=2 ttl=126 time=1 ms
Reply from 10.1.31.79: bytes=56 Sequence=3 ttl=126 time=1 ms
Reply from 10.1.31.79: bytes=56 Sequence=4 ttl=126 time=1 ms
Reply from 10.1.31.79: bytes=56 Sequence=5 ttl=126 time=1 ms

--- 10.1.31.79 ping statistics ---


5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/1 ms

[AC6005]wlan
[AC6005-wlan-view]regulatory-domain-profile name domain1
[AC6005-wlan-regulatory-domain-prof-domain1]country-code CN
[AC6005-wlan-regulatory-domain-prof-domain1]quit
[AC6005-wlan-view]quit

[AC6005]wlan
[AC6005-wlan-view]ap-group name ap-group1
[AC6005-wlan-ap-group-ap-group1]regulatory-domain-profile domain1
Warning: Modifying the country code will clear channel, power and antenna gain configurations of the radio and reset the AP. Continue?[Y/N]:y
[AC6005-wlan-ap-group-ap-group1]quit

[AC6005]capwap source interface vlanif 13

[AC6005]wlan
[AC6005-wlan-view]ap auth-mode mac-auth
[AC6005-wlan-view]ap-mac 4cfa-cabf-d520 ap-id 0 ap-sn 21500826412SG8919936
[AC6005-wlan-ap-0]ap-group ap-group1
[AC6005-wlan-ap-0]ap-name ap0
<AC6005>display ap all
Total AP information:
nor : normal [1]
-----------------------------------------------------------------------------
ID MAC Name Group IP Type State STA Uptime
-----------------------------------------------------------------------------
0 4cfa-cabf-d520 ap0 ap-group1 10.1.13.253 AP4030DN nor 0 12S
-----------------------------------------------------------------------------

[AC6005-wlan-view]security-profile name portal_authen


[AC6005-wlan-sec-prof-portal_authen]quit

[AC6005-wlan-view]ssid-profile name portal_authen


[AC6005-wlan-ssid-prof-portal_authen]ssid portal_authen
Warning: This action may cause service interruption. Continue?[Y/N]y

[AC6005-wlan-view]vap-profile name portal_authen


[AC6005-wlan-vap-prof-portal_authen]forward-mode tunnel
Warning: This action may cause service interruption. Continue?[Y/N]y
[AC6005-wlan-vap-prof-portal_authen]service-vlan vlan-id 14
[AC6005-wlan-vap-prof-portal_authen]security-profile portal_authen
[AC6005-wlan-vap-prof-portal_authen]ssid-profile portal_authen

[AC6005-wlan-view]ap-group name ap-group1


[AC6005-wlan-ap-group-ap-group1]vap-profile portal_authen wlan 3 radio all

<AC6005>display vap ssid portal_authen


WID : WLAN ID
-----------------------------------------------------------------------------
AP ID AP name RfID WID SSID BSSID Status Auth type STA
-----------------------------------------------------------------------------
0 ap0 0 3 portal_authen 4CFA-CABF-D522 ON Open+Portal 1
0 ap0 1 3 portal_authen 4CFA-CABF-D532 ON Open+Portal 1
-----------------------------------------------------------------------------

Step 3

[AC6005]radius-server template radius


[AC6005-radius-radius]radius-server authentication 10.1.31.79 1812
[AC6005-radius-radius]radius-server accounting 10.1.31.79 1813
[AC6005-radius-radius]radius-server shared-key cipher Huawei@123
[AC6005-radius-radius]radius-server user-name original
[AC6005]radius-server authorization 10.1.31.79 shared-key cipher Huawei@123

[AC6005]aaa
[AC6005-aaa]authentication-scheme radius
[AC6005-aaa-authen-radius]authentication-mode radius
[AC6005-aaa]accounting-scheme radius
[AC6005-aaa-accounting-radius]accounting-mode radius

[AC6005]url-template name Portal_auth


[AC6005-url-template-Portal_auth]url http://10.1.31.79:8080/portal
[AC6005-url-template-Portal_auth]url-parameter ssid ssid redirect-url url

[AC6005]web-auth-server Portal_auth
[AC6005-web-auth-server-Portal_auth]server-ip 10.1.31.79
[AC6005-web-auth-server-Portal_auth]port 50200
[AC6005-web-auth-server-Portal_auth]shared-key cipher Huawei@123
[AC6005-web-auth-server-Portal_auth]url-template Portal_auth

[AC6005]free-rule-template name default_free_rule


[AC6005-free-rule-default_free_rule]free-rule 1 destination ip 10.1.31.79 mask 24
Note: mask 24 (written as 255.255.255.0 in the reference configuration below) lets unauthenticated clients reach the whole 10.1.31.0/24 subnet, not just the controller; the wired lab uses a /32 for the same server.

[AC6005]mac-access-profile name mac_access_profile


[AC6005-mac-access-profile-mac_access_profile]quit
[AC6005]portal-access-profile name portal_access_profile
[AC6005-portal-access-profile-portal_access_profile]web-auth-server Portal_auth direct
[AC6005-portal-access-profile-portal_access_profile]quit

[AC6005]authentication-profile name macportal_authen_profile


[AC6005-authentication-profile-macportal_authen_profile]mac-access-profile mac_access_profile
[AC6005-authentication-profile-macportal_authen_profile]portal-access-profile portal_access_profile
[AC6005-authentication-profile-macportal_authen_profile]free-rule-template default_free_rule
[AC6005-authentication-profile-macportal_authen_profile]authentication-scheme radius
[AC6005-authentication-profile-macportal_authen_profile]accounting-scheme radius
[AC6005-authentication-profile-macportal_authen_profile]radius-server radius

[AC6005]wlan
[AC6005-wlan-view]vap-profile name portal_authen
[AC6005-wlan-vap-prof-portal_authen]authentication-profile
macportal_authen_profile
Warning: This action may cause service interruption. Continue?[Y/N]y

Step 4
[AC6005]test-aaa user1 Admin@123 radius-template radius pap
Info: Account test succeed.
12.3 Verification

12.3.1 Authentication on the terminal


12.3.2 Check User Authentication Information on the AC

<AC6005> display access-user


----------------------------------------------------------------------------
UserID Username IP address MAC Status
----------------------------------------------------------------------------
59 developer1 10.1.14.253 3c91-57ae-fcb9 Success
----------------------------------------------------------------------------
Total: 1, printed: 1

<AC6005> display access-user user-id 59

Basic:
User ID : 59
User name : developer1
User MAC : 3c91-57ae-fcb9
User IP address : 10.1.14.253
User vpn-instance : -
User IPv6 address : -
User access Interface : Wlan-Dbss1
User vlan event : Success
QinQVlan/UserVlan : 0/14
User access time : 2017/10/29 01:30:36
User accounting session ID : AC600500000000000014a52a6d000059
Option82 information : -
User access type : WEB
AP name : ap0
Radio ID : 0
AP MAC : 4cfa-cabf-d520
SSID : portal_authen
Online time : 141(s)
Web-server IP address : 10.1.31.79
Dynamic ACL desc(Effective) :
No. 0: acl 10001 dest-ip 10.1.92.80 dest-ipmask 32 permit
No. 1: acl 10100 dest-ip 0.0.0.0 dest-ipmask 0 deny

AAA:
User authentication type : WEB authentication
Current authentication method : RADIUS
Current authorization method : -
Current accounting method : RADIUS

12.3.3 Check User Authentication Information on the Agile


Controller-Campus
12.4 Reference Configuration

12.4.1 SW3 Configuration


#
sysname SW3
#
vlan batch 10 31 to 32

interface Vlanif10
ip address 10.1.10.33 255.255.255.0
#
interface Vlanif31
ip address 10.1.31.33 255.255.255.0
#
interface Vlanif32
ip address 10.1.32.33 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/6
port link-type access
port default vlan 31
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 32
#
ospf 1
area 0.0.0.0
network 10.1.10.0 0.0.0.255
network 10.1.32.0 0.0.0.255
network 10.1.31.0 0.0.0.255
#
return

12.4.2 SW4 Configuration


#
sysname SW4
#
vlan batch 10 to 14
#
interface Vlanif10
ip address 10.1.10.34 255.255.255.0
#
interface Vlanif13
ip address 10.1.13.34 255.255.255.0
#
interface GigabitEthernet0/0/5
port link-type trunk
port trunk pvid vlan 13
port trunk allow-pass vlan 13
#
interface GigabitEthernet0/0/6
port link-type trunk
port trunk allow-pass vlan 13 to 14
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 10
#
ospf 1 router-id 34.34.34.34
area 0.0.0.0
network 10.1.10.0 0.0.0.255
network 10.1.13.0 0.0.0.255
network 10.1.14.0 0.0.0.255
#
return
#
12.4.3 AC Configuration
router id 41.41.41.41
#
vlan batch 13 to 14 4090
#
authentication-profile name dot1x_authen_profile
authentication-profile name mac_authen_profile
authentication-profile name portal_authen_profile
authentication-profile name macportal_authen_profile
mac-access-profile mac_access_profile
portal-access-profile portal_access_profile
free-rule-template default_free_rule
authentication-scheme radius
accounting-scheme radius
radius-server radius
#
dot1x-access-profile name dot1x_access_profile
mac-access-profile name mac_access_profile
#
dhcp enable
#
dhcp snooping enable
#
device-sensor dhcp option 12 55 60
#
diffserv domain default
#
radius-server template default
radius-server template radius
radius-server shared-key cipher Huawei@123
radius-server authentication 10.1.31.79 1812 weight 80
radius-server accounting 10.1.31.79 1813 weight 80
radius-server authorization 10.1.31.79 shared-key cipher Huawei@123
#
pki realm default
enrollment self-signed
#
ssl policy default_policy type server
pki-realm default
#
free-rule-template name default_free_rule
free-rule 1 destination ip 10.1.31.79 mask 255.255.255.0
#
url-template name Portal_auth
url http://10.1.31.79:8080/portal
url-parameter ssid ssid redirect-url url
#
web-auth-server Portal_auth
server-ip 10.1.31.79
port 50200
shared-key cipher Huawei@123
url-template Portal_auth
#
portal-access-profile name portal_access_profile
web-auth-server Portal_auth direct
#
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authorization-scheme default
accounting-scheme default
accounting-scheme radius
accounting-mode radius
domain default
domain default_admin
local-user admin password irreversible-cipher %^%#FX&{Uzh&dL*+oBZAZ.YP,NR#:-Q}PM!6yk62R^B&$K]}%\oh=Cl@6v!dP#&>%^%#
local-user admin privilege level 15
local-user admin service-type telnet terminal ssh http
#
interface Vlanif13
ip address 10.1.13.254 255.255.255.0
dhcp select interface
#
interface Vlanif14
ip address 10.1.14.254 255.255.255.0
dhcp select interface
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 13 to 14
#
interface LoopBack0
ip address 41.41.41.41 255.255.255.255

ospf 1
area 0.0.0.0
network 10.1.13.0 0.0.0.255
network 10.1.14.0 0.0.0.255
#
undo snmp-agent
#
stelnet server enable
undo telnet ipv6 server enable
ssh server secure-algorithms cipher aes256_ctr aes128_ctr aes256_cbc aes128
3des
ssh server secure-algorithms hmac sha2_256 sha2_256_96 sha1 sha1_96 md5
md5_96
ssh client secure-algorithms cipher aes256_ctr aes128_ctr aes256_cbc aes128
3des
ssh client secure-algorithms hmac sha2_256 sha2_256_96 sha1 sha1_96 md5
md5_96
#
capwap source interface vlanif13
#
wlan
traffic-profile name default
security-profile name default
security-profile name default-wds
security wpa2 psk pass-phrase %^%#U9#%Tu'P(2wIMm8Kxx<!~.KEH7LW:7+h!"/UzOeA%^%# aes
security-profile name default-mesh
security wpa2 psk pass-phrase %^%#CdsG$Qj:@C}x~S#.5]*Wh8RN*:[r4$"XY]5`A5LP%^%# aes
security-profile name portal_authen
ssid-profile name default
ssid-profile name portal_authen
ssid portal_authen
vap-profile name default
vap-profile name portal_authen
forward-mode tunnel
service-vlan vlan-id 14
ssid-profile portal_authen
security-profile portal_authen
authentication-profile macportal_authen_profile
wds-profile name default
mesh-handover-profile name default
mesh-profile name default
regulatory-domain-profile name default
regulatory-domain-profile name domain1
air-scan-profile name default
rrm-profile name default
radio-2g-profile name default
radio-5g-profile name default
wids-profile name default
ap-system-profile name default
provision-ap
port-link-profile name default
wired-port-profile name default
ap-group name default
ap-group name ap-group1
regulatory-domain-profile domain1
radio 0
vap-profile portal_authen wlan 3
radio 1
vap-profile portal_authen wlan 3
ap-id 0 type-id 43 ap-mac 4cfa-cabf-d520 ap-sn 21500826412SG8919936
ap-name ap0
ap-group ap-group1
#
return

12.5 Questions

12.5.1 Questions About Wireless Portal Authentication


13 Free Mobility

13.1 Introduction

13.1.1 About this lab

13.1.2 Objectives



13.1.3 Networking and Service Description

13.1.4 Prerequisites

13.1.5 Experiment Plan


13.2 Configuration Procedure

13.2.1 Configuration Roadmap


13.2.2 Configuration Steps
Step 1

[SW4]radius-server template radius


[SW4-radius-radius]radius-server shared-key cipher Huawei@123
[SW4-radius-radius]radius-server authentication 10.1.31.79 1812 weight 80
[SW4-radius-radius]radius-server accounting 10.1.31.79 1813 weight 80
[SW4]radius-server authorization 10.1.31.79 shared-key cipher Huawei@123

[SW4]aaa
[SW4-aaa]authentication-scheme radius
[SW4-aaa-authen-radius]authentication-mode radius
[SW4-aaa-authen-radius]quit
[SW4-aaa]accounting-scheme radius
[SW4-aaa-accounting-radius]accounting-mode radius
[SW4-aaa-accounting-radius]quit
[SW4-aaa]domain default
[SW4-aaa-domain-default]authentication-scheme radius
[SW4-aaa-domain-default]accounting-scheme radius
[SW4-aaa-domain-default]radius-server radius

[SW4]web-auth-server portal_auth
[SW4-web-auth-server-portal_auth]server-ip 10.1.31.79
[SW4-web-auth-server-portal_auth]port 50200
[SW4-web-auth-server-portal_auth]shared-key cipher Huawei@123
[SW4-web-auth-server-portal_auth]url http://10.1.31.79:8080/portal

[SW4]dot1x authentication-method eap


[SW4]interface GigabitEthernet 0/0/1
[SW4-GigabitEthernet0/0/1]authentication dot1x portal
[SW4-GigabitEthernet0/0/1]web-auth-server portal_auth direct

[SW4]authentication free-rule 1 destination ip 10.1.31.79 mask 255.255.255.255

Step 2
Choose
a

[SW4]test-aaa user1 Huawei@123 radius-template radius pap


Info: Account user1 succeed.
Step 3

[SW4]group-policy controller 10.1.31.79 password Huawei@123 src-ip 10.1.10.34


<SW4>display group-policy status
Controller IP address: 10.1.31.79
Controller port: 5222
Backup controller IP address: -
Backup controller port: -
Source IP address: 10.1.10.34
State: working
Connected controller: master
Device protocol version: 2
Controller protocol version: 2
<SW4>display ucl-group all
ID UCL group name
--------------------------------------------------------------
1 VIP
2 Common_user
5 Mail_Server
6 Internet_WWW
--------------------------------------------------------------

<SW4>display acl all


Total nonempty ACL number is 3
Advanced ACL Auto_PGM_OPEN_POLICY 3999, 0 rule
Acl's step is 5

Ucl-group ACL Auto_PGM_U2 9996, 1 rule


Acl's step is 5
rule 1 permit ip source ucl-group name Common_user destination ucl-group name Mail_Server (match-counter 0)

Ucl-group ACL Auto_PGM_U1 9997, 2 rules


Acl's step is 5
rule 1 permit ip source ucl-group name VIP destination ucl-group name Mail_Server (match-counter 0)
rule 2 permit ip source ucl-group name VIP destination ucl-group name Internet_WWW (match-counter 0)

Ucl-group ACL Auto_PGM_U0 9998, 1 rule


Acl's step is 5
rule 1 deny ip source ucl-group 0 (match-counter 0)

Ucl-group ACL Auto_PGM_PREFER_POLICY 9999, 0 rule


Acl's step is 5
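The ACLs above are what the controller pushed for the group matrix: the switch resolves each packet's source and destination to UCL groups and applies the matching rule, so access follows the user's group rather than the port or VLAN. As an added example (not from this lab guide and not Agile Controller code), the Python below rebuilds that evaluation from SW4's configuration: static `ucl-group ip` bindings for the two servers, dynamic bindings created when a user is authorized, and the Auto_PGM rules in the order shown. Two points are this model's assumptions rather than facts from the page: a source address with no binding is treated as `ucl-group 0` (and therefore hits the deny rule), and group pairs that no rule covers fall to a configurable default, set to deny here; on the real switch that default comes from the policy configured on the controller. The Common_user host at 10.1.12.50 is constructed.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                    # "permit" or "deny"
    src_group: str                 # UCL group name; "0" stands for `ucl-group 0`
    dst_group: Optional[str] = None  # None matches any destination group


class FreeMobilityPolicy:
    """Group-based policy as the switch evaluates it: source and destination are
    resolved to UCL groups (dynamic binding from an authorized session first, then
    the longest-prefix static `ucl-group ip` binding) and the first matching rule decides."""

    def __init__(self, static_bindings, rules, default="deny"):
        self.static = {ipaddress.ip_network(net): grp for net, grp in static_bindings.items()}
        self.dynamic = {}            # user IP -> group pushed by the controller after auth
        self.rules = list(rules)
        self.default = default       # assumption for pairs no rule covers (see lead-in)

    def authorize(self, ip, group):  # "Dynamic group name(Effective)" in display access-user
        self.dynamic[ipaddress.ip_address(ip)] = group

    def logout(self, ip):
        self.dynamic.pop(ipaddress.ip_address(ip), None)

    def group_of(self, ip) -> str:
        addr = ipaddress.ip_address(ip)
        if addr in self.dynamic:
            return self.dynamic[addr]
        matches = [net for net in self.static if addr in net]
        if matches:
            return self.static[max(matches, key=lambda n: n.prefixlen)]
        return "0"                   # unresolved host: neither authorized nor statically bound

    def evaluate(self, src_ip, dst_ip):
        src, dst = self.group_of(src_ip), self.group_of(dst_ip)
        for rule in self.rules:
            if rule.src_group == src and rule.dst_group in (None, dst):
                return rule.action, f"{src}->{dst}"
        return self.default, f"{src}->{dst} (no rule, default)"


# Bindings and rules transcribed from SW4's reference configuration
POLICY = FreeMobilityPolicy(
    static_bindings={"10.1.32.75/32": "Mail_Server", "10.1.92.80/32": "Internet_WWW"},
    rules=[
        Rule("deny", "0"),                             # Auto_PGM_U0 rule 1
        Rule("permit", "VIP", "Mail_Server"),          # Auto_PGM_U1 rule 1
        Rule("permit", "VIP", "Internet_WWW"),         # Auto_PGM_U1 rule 2
        Rule("permit", "Common_user", "Mail_Server"),  # Auto_PGM_U2 rule 1
    ],
)


def walk_through():
    """Replay the lab session (VIP at 10.1.11.101) plus one constructed Common_user host."""
    results = {}
    results["unauth->mail"] = POLICY.evaluate("10.1.11.101", "10.1.32.75")[0]   # before login
    POLICY.authorize("10.1.11.101", "VIP")                                       # VIP logs in
    results["vip->mail"] = POLICY.evaluate("10.1.11.101", "10.1.32.75")[0]
    results["vip->www"] = POLICY.evaluate("10.1.11.101", "10.1.92.80")[0]
    POLICY.authorize("10.1.12.50", "Common_user")       # constructed host in VLAN 12
    results["common->mail"] = POLICY.evaluate("10.1.12.50", "10.1.32.75")[0]
    results["common->www"] = POLICY.evaluate("10.1.12.50", "10.1.92.80")[0]
    POLICY.logout("10.1.11.101")                        # session ends, binding goes with it
    results["after-logout->www"] = POLICY.evaluate("10.1.11.101", "10.1.92.80")[0]
    return results


if __name__ == "__main__":
    for pair, decision in walk_through().items():
        print(f"{pair:20} {decision}")
```

`walk_through()` returns the decisions in order. The last entry is the point of dynamic bindings: once the VIP session is gone, the same IP address resolves to group 0 in this model and loses access, so the permissions travel with the authenticated identity rather than with the address.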

13.3 Verification

13.3.1 Authentication on the terminal


13.3.2 Check User Authentication Information on SW4
[SW4]display access-user
----------------------------------------------------------------------------
UserID Username IP address MAC Status
----------------------------------------------------------------------------
51 VIP 10.1.11.101 000c-29f5-45d8 Success
----------------------------------------------------------------------------
Total: 1, printed: 1
Number of user-group car : 1

[SW4]display access-user user-id 51

Basic:
User ID : 51
User name : VIP
Domain-name : default
User MAC : 000c-29f5-45d8
User IP address : 10.1.11.101
User vpn-instance : -
User access Interface : GigabitEthernet0/0/1
User vlan event : Success
QinQVlan/UserVlan : 0/11
User access time : 2017/10/30 13:19:21
User accounting session ID : SW400001000000011abe03d000051
Option82 information : -
User access type : 802.1x
Terminal Device Type : Data Terminal
Dynamic group index(Effective) : 1
Dynamic group name(Effective) : VIP
User inbound CAR CIR(Kbps) : 2048
User inbound CAR PIR(Kbps) : 2048
User inbound CAR CBS(Byte) : 385024
User inbound CAR PBS(Byte) : 385024
User inbound data flow(Packet) : 6,126
User inbound data flow(Byte) : 428,937
User outbound CAR CIR(Kbps) : 4096
User outbound CAR PIR(Kbps) : 4096
User outbound CAR CBS(Byte) : 770048
User outbound CAR PBS(Byte) : 770048
User outbound data flow(Packet) : 0
User outbound data flow(Byte) : 0

AAA:
User authentication type : 802.1x authentication
Current authentication method : RADIUS
Current authorization method : -
Current accounting method : RADIUS

13.3.3 Check User Authentication Information on the Agile


Controller-Campus
13.4 Reference Configuration

13.4.1 SW3 Configuration


#
sysname SW3
#
vlan batch 10 31 to 32
#
interface Vlanif10
ip address 10.1.10.33 255.255.255.0
#
interface Vlanif31
ip address 10.1.31.33 255.255.255.0
#
interface Vlanif32
ip address 10.1.32.33 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/6
port link-type access
port default vlan 31
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 32
#
ospf 1
area 0.0.0.0
network 10.1.10.0 0.0.0.255
network 10.1.32.0 0.0.0.255
network 10.1.31.0 0.0.0.255
#
return
#

13.4.2 SW4 Configuration


#
sysname SW4
#
vlan batch 10 to 14
#
ucl-group 1 name VIP
ucl-group 2 name Common_user
ucl-group 3 name Mail_Server
ucl-group 4 name Internet_WWW
ucl-group ip 10.1.32.75 32 name Mail_Server
ucl-group ip 10.1.92.80 32 name Internet_WWW
#
telnet server enable
#
dot1x authentication-method eap
#
group-policy controller 10.1.31.79 password Huawei@123 src-ip 10.1.10.34
#
radius-server template default
radius-server template radius
radius-server shared-key cipher Huawei@123
radius-server authentication 10.1.31.79 1812 weight 80
radius-server accounting 10.1.31.79 1813 weight 80
radius-server authorization 10.1.31.79 shared-key cipher Huawei@123
#
acl name Auto_PGM_OPEN_POLICY 3999
#
acl name Auto_PGM_U2 9996
rule 1 permit ip source ucl-group name Common_user destination ucl-group name Mail_Server
acl name Auto_PGM_U1 9997
rule 1 permit ip source ucl-group name VIP destination ucl-group name Mail_Server
rule 2 permit ip source ucl-group name VIP destination ucl-group name Internet_WWW
acl name Auto_PGM_U0 9998
rule 1 deny ip source ucl-group 0
acl name Auto_PGM_PREFER_POLICY 9999
#
web-auth-server portal_auth
server-ip 10.1.31.79
port 50200
shared-key cipher Huawei@123
url http://10.1.31.79:8080/portal
#
drop-profile default
#
aaa
authentication-scheme default
authentication-scheme radius
authentication-mode radius
authorization-scheme default
accounting-scheme default
accounting-scheme radius
accounting-mode radius
domain default
authentication-scheme radius
accounting-scheme radius
radius-server radius
domain default_admin
local-user admin password irreversible-cipher %^%#Z|')<CN.).%Op!G{#]^>nhSdTk4MtFo$tTU&cvTR=7B@YiWj"Oo()W.$hV}H%^%#
local-user admin privilege level 15
local-user admin service-type terminal
#
interface Vlanif10
ip address 10.1.10.34 255.255.255.0
#
interface Vlanif11
ip address 10.1.11.34 255.255.255.0
#
interface Vlanif12
ip address 10.1.12.34 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 11
authentication dot1x portal
web-auth-server portal_auth direct
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 12
authentication dot1x portal
web-auth-server portal_auth direct
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 12
authentication dot1x portal
web-auth-server portal_auth direct
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 10
#
ospf 1
area 0.0.0.0
network 10.1.10.0 0.0.0.255
network 10.1.11.0 0.0.0.255
network 10.1.12.0 0.0.0.255
#
authentication free-rule 1 destination ip 10.1.31.79 mask 255.255.255.255
#

13.5 Question

13.5.1 Questions About Free Mobility


14 Terminal Security Management

14.1 Introduction

14.1.1 About this lab

14.1.2 Objectives



14.1.3 Networking and Service Description

14.1.4 Prerequisites

14.1.5 Experiment Plan



14.2 Configuration Procedure

14.2.1 Configuration Roadmap

14.2.2 Configuration Steps


Step 1

[SW4]radius-server template radius


[SW4-radius-radius]radius-server shared-key cipher Huawei@123
[SW4-radius-radius]radius-server authentication 10.1.31.79 1812
[SW4-radius-radius]radius-server accounting 10.1.31.79 1813
[SW4-radius-radius]quit
[SW4]radius-server authorization 10.1.31.79 shared-key cipher Huawei@123

[SW4]aaa
[SW4-aaa]authentication-scheme radius
[SW4-aaa-authen-radius]authentication-mode radius
[SW4-aaa-authen-radius]quit
[SW4-aaa]accounting-scheme radius
[SW4-aaa-accounting-radius]accounting-mode radius
[SW4-aaa-accounting-radius]quit
[SW4-aaa]domain default
[SW4-aaa-domain-default]authentication-scheme radius
[SW4-aaa-domain-default]accounting-scheme radius
[SW4-aaa-domain-default]radius-server radius

[SW4]interface GigabitEthernet 0/0/1


[SW4-GigabitEthernet0/0/1]authentication dot1x

[SW4]authentication free-rule 1 destination ip 10.1.31.79 mask 255.255.255.255

<SW4>display radius-server configuration


----------------------------------------------------------------------------
Server-template-name : radius
Protocol-version : standard
Traffic-unit : B
Shared-secret-key : %^%#Tw!jE-"oyO8z"Q2Xe{F'm%_i3hpJnT6g8h-Bli)3%^%#
Timeout-interval(in second) : 5
Retransmission : 3
EndPacketSendTime : 3
Dead time(in minute) : 5
Domain-included : Original
NAS-IP-Address : 0.0.0.0
Calling-station-id MAC-format : xxxx-xxxx-xxxx
Service-type : -
NAS-IPv6-Address : ::
Server algorithm : master-backup
Authentication Server 1 : 10.1.31.79 Port:1812 Weight:80
Vrf:- LoopBack:NULL
Source IP: ::
Accounting Server 1 : 10.1.31.79 Port:1813 Weight:80
Vrf:- LoopBack:NULL
Source IP: ::
----------------------------------------------------------------------------
Total of radius template :1

Step 2
[SW4]test-aaa user1 Huawei@123 radius-template radius pap
[SW4]
Info: Account user1 succeed.
14.3 Verification

14.3.1 Authentication on the terminal

[SW4]display access-user
----------------------------------------------------------------------------
UserID Username IP address MAC Status
----------------------------------------------------------------------------
24 tony 10.1.11.250 000c-293d-08d5 Pre-authen
----------------------------------------------------------------------------
Total: 1, printed: 1

[SW4]display access-user user-id 24

Basic:
User ID : 24
User name : tony
Domain-name : -
User MAC : 000c-293d-08d5
User IP address : 10.1.11.250
User vpn-instance : -
User access Interface : GigabitEthernet0/0/1
User vlan event : Pre-authen
QinQVlan/UserVlan : 0/11
User access time : 2017/10/31 10:13:22
Option82 information : -
User access type : None
Terminal Device Type : Data Terminal

AAA:
User authentication type : No authentication
Current authentication method : -
Current authorization method : Local
Current accounting method : None
<SW4>display access-user
----------------------------------------------------------------------------
UserID Username IP address MAC Status
----------------------------------------------------------------------------
24 tony 10.1.11.250 000c-293d-08d5 Success
----------------------------------------------------------------------------
Total: 1, printed: 1

<SW4>dis access-user user-id 24

Basic:
User ID : 24
User name : tony
Domain-name : default
User MAC : 000c-293d-08d5
User IP address : 10.1.11.250
User vpn-instance : -
User access Interface : GigabitEthernet0/0/1
User vlan event : Success
QinQVlan/UserVlan : 0/11
User access time : 2017/10/31 10:57:12
User accounting session ID : SW400001000000011f58573000024
Option82 information : -
User access type : 802.1x
Terminal Device Type : Data Terminal
Dynamic ACL desc(Effective) :
No. 0: acl 10001 dest-ip 10.1.32.74 dest-ipmask 32 permit
No. 1: acl 10002 dest-ip 10.1.92.80 dest-ipmask 32 permit
No. 2: acl 10100 dest-ip 0.0.0.0 dest-ipmask 0 deny

AAA:
User authentication type : 802.1x authentication
Current authentication method : RADIUS
Current authorization method : -
Current accounting method : RADIUS
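The two outputs above show the same user before and after 802.1X: first in the pre-authentication state, with local authorization and no dynamic ACL, then with the RADIUS-authorized ACL list that ends in a deny for 0.0.0.0/0. As an added example (not from this lab guide), the Python below parses `display access-user user-id` output into a dict and audits one session for least privilege: which destinations are permitted and whether everything else is explicitly denied. The two inputs are copied from the outputs above (trimmed to the relevant lines); the finding texts and the rule that an authorized session must end in a deny-all are this example's own audit policy.

```python
import re

# Copied from the two `display access-user user-id 24` outputs above (trimmed).
PRE_AUTH = """\
Basic:
User ID : 24
User name : tony
Domain-name : -
User MAC : 000c-293d-08d5
User IP address : 10.1.11.250
User access Interface : GigabitEthernet0/0/1
User vlan event : Pre-authen
QinQVlan/UserVlan : 0/11
User access time : 2017/10/31 10:13:22
User access type : None

AAA:
User authentication type : No authentication
Current authentication method : -
Current authorization method : Local
Current accounting method : None
"""

AUTHORIZED = """\
Basic:
User ID : 24
User name : tony
Domain-name : default
User MAC : 000c-293d-08d5
User IP address : 10.1.11.250
User access Interface : GigabitEthernet0/0/1
User vlan event : Success
QinQVlan/UserVlan : 0/11
User access time : 2017/10/31 10:57:12
User accounting session ID : SW400001000000011f58573000024
User access type : 802.1x
Dynamic ACL desc(Effective) :
No. 0: acl 10001 dest-ip 10.1.32.74 dest-ipmask 32 permit
No. 1: acl 10002 dest-ip 10.1.92.80 dest-ipmask 32 permit
No. 2: acl 10100 dest-ip 0.0.0.0 dest-ipmask 0 deny

AAA:
User authentication type : 802.1x authentication
Current authentication method : RADIUS
Current authorization method : -
Current accounting method : RADIUS
"""

ACL_LINE = re.compile(r"No\. \d+: acl (\d+) dest-ip (\S+) dest-ipmask (\d+) (permit|deny)")


def parse_access_user(text: str) -> dict:
    """'Name : value' lines become dict entries; the dynamic ACL list is collected
    under 'dynamic_acls' as {acl, dst, action} in the order the switch applies them."""
    info, acls, in_acl = {}, [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or (line.endswith(":") and " " not in line):   # blank, "Basic:", "AAA:"
            in_acl = False
            continue
        m = ACL_LINE.match(line)
        if m and in_acl:
            acls.append({"acl": int(m[1]), "dst": f"{m[2]}/{m[3]}", "action": m[4]})
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if key.startswith("Dynamic ACL desc"):
            in_acl = True
            continue
        in_acl = False
        info[key] = value
    info["dynamic_acls"] = acls
    return info


def audit_session(text: str) -> dict:
    """Least-privilege check on one session: what may the user reach, and is
    everything else explicitly denied?"""
    s = parse_access_user(text)
    acls = s["dynamic_acls"]
    permitted = [a["dst"] for a in acls if a["action"] == "permit"]
    default_deny = bool(acls) and acls[-1]["action"] == "deny" and acls[-1]["dst"] == "0.0.0.0/0"
    findings = []
    if s.get("User vlan event") == "Pre-authen":
        findings.append("pre-authentication: no RADIUS authorization yet; only "
                        "`authentication free-rule` destinations should be reachable")
    elif not acls:
        findings.append("authorized without a dynamic ACL: reach is limited only by static policy")
    elif not default_deny:
        findings.append("dynamic ACL list does not end in deny 0.0.0.0/0: unlisted destinations are not blocked")
    return {
        "user": s.get("User name"),
        "status": s.get("User vlan event"),
        "access_type": s.get("User access type"),
        "permitted": permitted,
        "default_deny": default_deny,
        "findings": findings,
    }


if __name__ == "__main__":
    for name, text in (("pre-auth", PRE_AUTH), ("authorized", AUTHORIZED)):
        print(name, audit_session(text))
```

Run over every ID listed by `display access-user`, this catches a controller-side authorization policy that lost its trailing deny, which is the difference between an authorization ACL and an allow-list that blocks nothing.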

14.4 Reference Configuration

14.4.1 SW3 Configuration


#
sysname SW3
#
vlan batch 10 31 to 32
#
interface Vlanif10
ip address 10.1.10.33 255.255.255.0
#
interface Vlanif31
ip address 10.1.31.33 255.255.255.0
#
interface Vlanif32
ip address 10.1.32.33 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/6
port link-type access
port default vlan 31
#
interface GigabitEthernet0/0/7
port link-type access
port default vlan 32
#
ospf 1 router-id 33.33.33.33
area 0.0.0.0
network 10.1.10.0 0.0.0.255
network 10.1.31.0 0.0.0.255
network 10.1.32.0 0.0.0.255
#

14.4.2 SW4 Configuration


#
sysname SW4
#
dot1x authentication-method eap
#
radius-server template radius
radius-server shared-key cipher Huawei@123
radius-server authentication 10.1.31.79 1812 weight 80
radius-server accounting 10.1.31.79 1813 weight 80
radius-server authorization 10.1.31.79 shared-key cipher Huawei@123
#
aaa
authentication-scheme radius
authentication-mode radius
accounting-scheme radius
accounting-mode radius
domain default
authentication-scheme radius
accounting-scheme radius
radius-server radius
#
interface Vlanif10
ip address 10.1.10.34 255.255.255.0
#
interface Vlanif11
ip address 10.1.11.34 255.255.255.0
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 11
authentication dot1x
#
ospf 1 router-id 34.34.34.34
area 0.0.0.0
network 10.1.10.0 0.0.0.255
network 10.1.11.0 0.0.0.255
#
authentication free-rule 1 destination ip 10.1.31.79 mask 255.255.255.255
#
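In the SW4 configuration above, the only thing that authenticates the switch to the RADIUS server at 10.1.31.79 is the shared key Huawei@123. Because the switch uses dot1x authentication-method eap, the EAP frames from the client travel to the server inside EAP-Message attributes, and RFC 3579 requires every such Access-Request to carry a Message-Authenticator: an HMAC-MD5 over the whole packet, keyed with the shared key, computed with the attribute's own value zeroed. The following Python is an added example, not code from the lab guide or from Huawei: it builds such an Access-Request on the NAS side and verifies it on the server side, using a constructed EAP Response/Identity payload and the shared key from the configuration above. The identifier, user name and request authenticator are arbitrary sample values.

```python
import hashlib
import hmac
import os
import struct

# Shared key from the "radius-server shared-key cipher Huawei@123" line configured on SW4.
SHARED_KEY = b"Huawei@123"

CODE_ACCESS_REQUEST = 1
ATTR_USER_NAME = 1
ATTR_EAP_MESSAGE = 79
ATTR_MESSAGE_AUTHENTICATOR = 80
HEADER = struct.Struct("!BBH16s")  # Code, Identifier, Length, Request Authenticator


def attribute(atype, value):
    """RADIUS TLV: Type (1 byte), Length (1 byte, counts the 2-byte header), Value."""
    if len(value) > 253:
        raise ValueError("attribute value too long")
    return bytes((atype, len(value) + 2)) + value


def build_access_request(identifier, user_name, eap_payload, key, request_authenticator=None):
    """NAS side: Access-Request with EAP-Message, sealed by Message-Authenticator (RFC 3579)."""
    req_auth = request_authenticator or os.urandom(16)
    attrs = attribute(ATTR_USER_NAME, user_name) + attribute(ATTR_EAP_MESSAGE, eap_payload)
    # The MAC covers the whole packet, with the Message-Authenticator value set to
    # sixteen zero bytes while it is being computed.
    placeholder = attribute(ATTR_MESSAGE_AUTHENTICATOR, bytes(16))
    length = HEADER.size + len(attrs) + len(placeholder)
    header = HEADER.pack(CODE_ACCESS_REQUEST, identifier, length, req_auth)
    mac = hmac.new(key, header + attrs + placeholder, hashlib.md5).digest()
    return header + attrs + attribute(ATTR_MESSAGE_AUTHENTICATOR, mac)


def verify_message_authenticator(packet, key):
    """Server side: recompute the HMAC with the received MAC zeroed, compare in constant time."""
    if len(packet) < HEADER.size:
        return False
    _, _, length, _ = HEADER.unpack_from(packet)
    if length != len(packet):
        return False
    offset = HEADER.size
    while offset + 2 <= len(packet):
        atype, alen = packet[offset], packet[offset + 1]
        if alen < 2 or offset + alen > len(packet):
            return False  # malformed TLV
        if atype == ATTR_MESSAGE_AUTHENTICATOR and alen == 18:
            received = packet[offset + 2:offset + 18]
            zeroed = packet[:offset + 2] + bytes(16) + packet[offset + 18:]
            expected = hmac.new(key, zeroed, hashlib.md5).digest()
            return hmac.compare_digest(received, expected)
        offset += alen
    # RFC 3579: an Access-Request carrying EAP-Message without a
    # Message-Authenticator must be silently discarded.
    return False


if __name__ == "__main__":
    # Constructed EAP Response/Identity (code 2, id 1, length 10, type 1, "user1").
    eap_identity = b"\x02\x01\x00\x0a\x01user1"
    pkt = build_access_request(7, b"user1", eap_identity, SHARED_KEY)
    print("valid with shared key:", verify_message_authenticator(pkt, SHARED_KEY))
    print("valid with wrong key: ", verify_message_authenticator(pkt, b"Wrong@123"))
```

The check fails for a wrong key and for any modified byte, which is what stops an on-path attacker from swapping the user's identity or EAP payload. It is still HMAC-MD5 with a password-strength key: anyone who can capture the packets can try keys offline, so the shared key should be long and random rather than a lab value like Huawei@123.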
14.5 Question

14.5.1 Questions About Terminal Security Management


15 Network Resource Management

15.1 Introduction

15.1.1 About this lab

15.1.2 Objectives



15.1.3 Networking and Service Description


15.1.4 Prerequisites

15.1.5 Experiment Plan

15.2 Configuration Procedure

15.2.1 Configuration Roadmap


15.2.2 Configuration Steps
Step 1

Step 2

<SW3>system-view
[SW3]snmp-agent
[SW3]snmp-agent sys-info version v2c
[SW3]snmp-agent mib-view included iso-view iso
[SW3]snmp-agent community read Huawei@123 mib-view iso-view
[SW3]snmp-agent community write Admin@123 mib-view iso-view
[SW3]snmp-agent target-host trap address udp-domain 172.21.20.77 params securityname adminnms v2c
[SW3]snmp-agent trap enable
Warning: All switches of SNMP trap/notification will be open. Continue? [Y/N]:y

<SW4>system-view
[SW4]snmp-agent
[SW4]snmp-agent sys-info version v2c
[SW4]snmp-agent mib-view included iso-view iso
[SW4]snmp-agent community read Huawei@123 mib-view iso-view
[SW4]snmp-agent community write Admin@123 mib-view iso-view
[SW4]snmp-agent target-host trap address udp-domain 172.21.20.77 params securityname adminnms v2c
[SW4]snmp-agent trap enable
Warning: All switches of SNMP trap/notification will be open. Continue? [Y/N]:y

<AC6005>system-view
[AC6005]snmp-agent
[AC6005]snmp-agent sys-info version v2c
[AC6005]snmp-agent mib-view iso-view include iso
[AC6005]snmp-agent community read Huawei@123 mib-view iso-view
[AC6005]snmp-agent community write Admin@123 mib-view iso-view
[AC6005]snmp-agent target-host trap-paramsname trapnms v2c securityname adminnms
[AC6005]snmp-agent target-host trap-hostname nms address 172.21.20.77 trap-paramsname trapnms
[AC6005]snmp-agent trap enable
Info: All switches of SNMP trap/notification will be open. Continue? [Y/N]:y
<FW3>system-view
[FW3]interface GigabitEthernet 0/0/0
[FW3-GigabitEthernet0/0/0]service-manage enable
[FW3-GigabitEthernet0/0/0]service-manage snmp permit
[FW3-GigabitEthernet0/0/0]service-manage telnet permit
[FW3-GigabitEthernet0/0/0]quit
[FW3]snmp-agent
[FW3]snmp-agent sys-info version v2c
[FW3]snmp-agent mib-view included iso-view iso
[FW3]snmp-agent community read Huawei@123 mib-view iso-view
[FW3]snmp-agent community write Admin@123 mib-view iso-view
[FW3]snmp-agent target-host trap address udp-domain 172.21.20.77 params securityname adminnms v2c
[FW3]snmp-agent trap enable
Warning: All switches of SNMP trap/notification will be open. Continue? [Y/N]:y

Step 3
Step 4
15.3 Verification

15.3.1 Check Topology


15.4 Reference Configuration

15.4.1 SW3 Configuration


#
sysname SW3
#
telnet server enable
#
lldp enable
#
interface MEth0/0/1
ip address 172.21.20.33 255.255.0.0
#
snmp-agent
snmp-agent local-engineid 800007DB03CC53B5EF4DB0
snmp-agent community read cipher %$%$IM<H$8je^+K!\!6HCci;T1AUg`{,%E)W4VBW!8Zwr,K,1AXTVdu^3Y&c:EN~.>N%j/$GAaT1%$%$ mib-view iso-view
snmp-agent community write cipher %$%$O!gM-cn0YCHP0$K!%JwMSQ1QWOBt!}1kYI3Asv#HthuHQ1TS+9e/.##*/!r'Sh9"hsKU1]SQ%$%$ mib-view iso-view
snmp-agent sys-info version v2c v3
snmp-agent target-host trap address udp-domain 172.21.20.77 params securityname cipher %@%@`S0uEyw8!#G:E^Yvy48#SRK6%@%@ v2c
snmp-agent mib-view included iso-view iso
snmp-agent trap enable
#
user-interface vty 0 4
authentication-mode password
user privilege level 15
set authentication password cipher %@%@@,5K;O*`h!kLhAZvv|b96gMG8f3KBJ)#N&(6kS*g]h7MgMJ6%@%@
#
return
15.4.2 SW4 Configuration
#
sysname SW4
#
telnet server enable
#
lldp enable
#
interface MEth0/0/1
ip address 172.21.20.34 255.255.0.0
#
snmp-agent
snmp-agent local-engineid 800007DB03C81FBEB63DF0
snmp-agent community read cipher %^%#{){)J@5~J,v:-oMu\%$FHp$1WXQG80QFF'FOeL|$tJQz!}KqOG`.gmJ:s7i0&{`[~Q`J%P'<QLAd;'2V%^%# mib-view iso-view
snmp-agent community write cipher %^%#Os$OOn3WC)4%JJ%<!)oAPF$W9\xg3.e%~{>:~=u-C2rlWY@6e<}yqC.Zp`$4\47R#f64g=V5rO,"AEEP%^%# mib-view iso-view
snmp-agent sys-info version v2c v3
snmp-agent target-host trap address udp-domain 172.21.20.77 params securityname cipher %^%#^%o"LOGs]8K2to22aq:-."5)2s"LD"7r~8Z7Hb'N%^%# v2c
snmp-agent mib-view included isoview iso
snmp-agent mib-view included iso-view iso
snmp-agent extend error-code enable
snmp-agent trap enable
#
user-interface vty 0 4
authentication-mode password
user privilege level 15
set authentication password cipher $1a$Iy}lY5w#DK$N$m-0BE>A4~QKRT_0fU*^t=>W@m"&/,R|x&1OS<Q$
protocol inbound all
#
return

15.4.3 AC Configuration
#
sysname AC
#
vlan batch 13 to 14 4090
#
lldp enable
#
interface Vlanif4090
ip address 172.21.20.41 255.255.0.0
#
interface GigabitEthernet0/0/8
port link-type access
port default vlan 4090
#
snmp-agent local-engineid 800007DB03C81FBE7FD79A
snmp-agent community read %^%#rlveFQu@];EY>lQ1Z[PLjvC%*G%4g>_.L=G[esW0+t"MRRCKq%{"CQKAT6D;#V'3T_Y/!E2M[_MpN]n<%^%# mib-view iso-view
snmp-agent community write %^%#|5^w#nlqH>Mp2w-NZ:S7(^qXO%U)-3@IpDX56EF@GW]9Cdv8n+o9fQ>$QCBQI5CS/o<::L4@=B<CaGV6%^%# mib-view iso-view
snmp-agent sys-info version v2c
snmp-agent target-host trap-hostname nms address 172.21.20.77 udp-port 162 trap-paramsname trapnms
snmp-agent target-host trap-paramsname trapnms v2c securityname %^%#{}z`Q+s/VFVi*W5;<9WEpS"q4t4vmC|&5eOKA^G(%^%#
snmp-agent mib-view iso-view include iso
snmp-agent trap enable
snmp-agent
#
user-interface vty 0 4
authentication-mode password
user privilege level 15
set authentication password cipher %^%#GR-cPe|,4M%*[BSDdghX@iDlXp/|q-Od"}DIak(S'2A$1;Ozb0eLP+0z(q~!%^%#
protocol inbound all
user-interface vty 16 20
protocol inbound all
#
return

15.4.4 FW3 Configuration


#
sysname FW3
#
lldp enable
#
manager-user admin
password cipher @%@%kmn6P:ZfdO@Y|)%<qyc11B1/tMlJ~BpBs<0vE6&k:qT.B121@%@%
service-type web terminal telnet
level 15
#
interface GigabitEthernet0/0/0
undo shutdown
ip binding vpn-instance default
ip address 172.21.20.13 255.255.0.0
lldp enable
lldp tlv-enable basic-tlv all
service-manage http permit
service-manage https permit
service-manage ping permit
service-manage snmp permit
service-manage telnet permit
#
snmp-agent
snmp-agent local-engineid 800007DB032C9D1E2BEC63
snmp-agent community read cipher %^%#]Pb3(C<Qf<[AdCD%..Y:UKWA&v:;,1"'U_M:H8+NmA<)JqmMCKup>#D:pJxF{j4,"UmTJDP-m^Yf<vP"%^%# mib-view iso-view
snmp-agent community write cipher %^%#[%v!Ih"6"8KUJqPja8tX+*${-1pP813Vf{BkHBL<8$cg&A>]N2_2'2TM44qF8Vtl/ZS,6Lhz]X6bPGR>%^%# mib-view iso-view
snmp-agent sys-info version v2c v3
snmp-agent target-host trap address udp-domain 172.21.20.77 params securityname cipher %^%#o5DGRfT`Y$C->PI6jB^&Y[d<5D*IeHZoU8My+u"@%^%# v2c
snmp-agent mib-view included iso-view iso
snmp-agent trap enable
#
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
protocol inbound all
#
return
16 Secure Center Management

16.1 Introduction

16.1.1 About this lab

16.1.2 Objectives


16.1.3 Networking and Service Description

16.1.4 Prerequisites
16.1.5 Experiment Plan

16.2 Configuration Procedure

16.2.1 Configuration Roadmap

16.2.2 Configuration Steps


Step 1
Step 2

<FW1>system-view
[FW1]interface GigabitEthernet 0/0/0
[FW1-GigabitEthernet0/0/0]service-manage enable
[FW1-GigabitEthernet0/0/0]service-manage snmp permit
[FW1-GigabitEthernet0/0/0]service-manage telnet permit
[FW1-GigabitEthernet0/0/0]quit
[FW1]snmp-agent
[FW1]snmp-agent sys-info version v2c
[FW1]snmp-agent mib-view included iso-view iso
[FW1]snmp-agent community read Huawei@123 mib-view iso-view
[FW1]snmp-agent community write Admin@123 mib-view iso-view
[FW1]snmp-agent target-host trap address udp-domain 172.21.20.77 params
securityname adminnms v2c
[FW1]snmp-agent trap enable
Warning: All switches of SNMP trap/notification will be open. Continue?
[Y/N]:y

<FW2>system-view
[FW2]interface GigabitEthernet 0/0/0
[FW2-GigabitEthernet0/0/0]service-manage enable
[FW2-GigabitEthernet0/0/0]service-manage snmp permit
[FW2-GigabitEthernet0/0/0]service-manage telnet permit
[FW2-GigabitEthernet0/0/0]quit
[FW2]snmp-agent
[FW2]snmp-agent sys-info version v2c
[FW2]snmp-agent mib-view included iso-view iso
[FW2]snmp-agent community read Huawei@123 mib-view iso-view
[FW2]snmp-agent community write Admin@123 mib-view iso-view
[FW2]snmp-agent target-host trap address udp-domain 172.21.20.77 params
securityname adminnms v2c
[FW2]snmp-agent trap enable
Warning: All switches of SNMP trap/notification will be open. Continue?
[Y/N]:y

[FW3]aaa
[FW3-aaa]manager-user netconfuser
[FW3-aaa-manager-user-netconfuser]password cipher Huawei@123
[FW3-aaa-manager-user-netconfuser]service-type api
[FW3-aaa-manager-user-netconfuser]level 15
[FW3-aaa-manager-user-netconfuser]quit
[FW3-aaa]quit
[FW3]api
[FW3-api]api netconf port 1025
[FW3-api]api netconf enable
[FW3-api]quit
Step 3
Business > Security Business > Secure Center

Device Management Device


Device Sync > Sync

Step 4

C:\Users\admin>ping 10.1.20.33

Pinging 10.1.20.33 with 32 bytes of data:


Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 10.1.20.33:


Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
[FW3]firewall zone trust
[FW3-zone-trust]add interface GigabitEthernet 1/0/2
[FW3-zone-trust]quit
[FW3]firewall zone untrust
[FW3-zone-untrust]add interface GigabitEthernet 1/0/0
[FW3-zone-untrust]quit

[SW3]ip route-static 0.0.0.0 0 10.1.20.13

Policy Management > Security Policy


<FW3>display security-policy rule all
2018-01-31 09:04:31.390 +08:00
Total:2
RULE ID RULE NAME STATE ACTION HITS
-----------------------------------------------------------------------------
1 security enable permit 0
0 default enable deny 47790

16.3 Verification

C:\Users\admin>ping 10.1.20.33

Pinging 10.1.20.33 with 32 bytes of data:


Reply from 10.1.20.33: bytes=32 time=1ms TTL=253
Reply from 10.1.20.33: bytes=32 time=1ms TTL=253
Reply from 10.1.20.33: bytes=32 time=1ms TTL=253
Reply from 10.1.20.33: bytes=32 time=1ms TTL=253

Ping statistics for 10.1.20.33:


Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms

16.4 Reference Configuration

16.4.1 SW3 Configuration


#
sysname SW3
#
vlan batch 20
#
interface Vlanif20
ip address 10.1.20.33 255.255.255.0
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 20
#
ip route-static 0.0.0.0 0.0.0.0 10.1.20.13
#
return

16.4.2 FW3 Configuration


#
sysname FW3
#
manager-user netconfuser
password cipher @%@%{;fp-ApP$!OX<mH;rXL"I.(Vd*1"MY*zt1Wv=t0RO>)&.(YI@%@%
service-type api
level 15
#
interface GigabitEthernet0/0/0
undo shutdown
ip binding vpn-instance default
ip address 172.21.20.13 255.255.0.0
lldp enable
lldp tlv-enable basic-tlv all
service-manage http permit
service-manage https permit
service-manage ping permit
service-manage snmp permit
service-manage netconf permit
#
interface GigabitEthernet1/0/0
undo shutdown
ip address 10.1.20.13 255.255.255.0
service-manage ping permit
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.25.13 255.255.255.0
service-manage ping permit
#
firewall zone trust
set priority 85
add interface GigabitEthernet1/0/2
#
firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/0
#
#
snmp-agent
snmp-agent local-engineid 800007DB032C9D1E2BEC63
snmp-agent community read cipher %^%#[XfvF}kgw@B=^A=`SkuG-<4J2sQ7K1~sGX'{>Yz.TKIS23TlyVv-i1K#n8_#fp|6G,/w\6oFz^$tB'>A%^%# mib-view iso-view
snmp-agent community write cipher %^%#~7dXRF&BD4gZra$R64%BzZRU%~}Wt:*p|xD^;+rQwGRc+{|$tH(DYtRN&x+33F2w>mel^~$jH|W^KCQ<%^%# mib-view iso-view
snmp-agent sys-info version v2c v3
snmp-agent target-host trap address udp-domain 172.21.20.77 params securityname cipher %^%#7l[p!MxDa('~q~;v7Q@:~)Fb+dr|BQgfg6JI<SZ,%^%# v2c
snmp-agent mib-view included iso-view iso
snmp-agent trap enable
#
api
api netconf port 1025
api netconf enable
#
security-policy
rule name security
policy logging
session logging
source-zone trust
destination-zone untrust
service icmp
action permit
#
return
17 IPSec VPN Management

17.1 Introduction

17.1.1 About this lab

17.1.2 Objectives

17.1.3 Networking and Service Description

Topology (figure not reproduced): FW1 Loopback0 10.1.100.100/24, FW2 Loopback0 10.1.200.100/24

17.1.4 Prerequisites

17.1.5 Experiment Plan


17.2 Configuration Procedure

17.2.1 Configuration Roadmap

17.2.2 Configuration Steps


Step 1

<FW3>system-view
[FW3]interface GigabitEthernet 1/0/1
[FW3-GigabitEthernet1/0/1]shutdown
[FW3-GigabitEthernet1/0/1]quit

Step 2
<FW3>system-view
[FW3]interface GigabitEthernet 0/0/0
[FW3-GigabitEthernet0/0/0]service-manage enable
[FW3-GigabitEthernet0/0/0]service-manage snmp permit
[FW3-GigabitEthernet0/0/0]service-manage netconf permit
[FW3-GigabitEthernet0/0/0]quit
[FW3]snmp-agent
[FW3]snmp-agent sys-info version v2c
[FW3]snmp-agent mib-view included iso-view iso
[FW3]snmp-agent community read Huawei@123 mib-view iso-view
[FW3]snmp-agent community write Admin@123 mib-view iso-view
[FW3]snmp-agent target-host trap address udp-domain 172.21.20.77 params
securityname adminnms v2c
[FW3]snmp-agent trap enable
Warning: All switches of SNMP trap/notification will be open. Continue?
[Y/N]:y

Step 3
Step 4
Business > Security Business > IPSec VPN Management
After the successful discovery, you can click Back on the upper right of the page to return to the
service group.

17.3 Verification

17.3.1 View the IPSec VPN service status

In the service list, check the Service Status.


17.4 Reference Configuration

17.4.1 FW1 Configuration


#
sysname FW1
#
FTP server enable
#
acl number 3000
rule 5 permit ip source 10.1.100.0 0.0.0.255 destination 10.1.200.0 0.0.0.255
#
ipsec proposal prop12910282665
encapsulation-mode auto
esp authentication-algorithm sha2-256
esp encryption-algorithm aes-256
#
ike proposal 1
encryption-algorithm aes-256
dh group2
authentication-algorithm sha2-256
authentication-method rsa-signature
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
#
ike peer ike12910282665
exchange-mode auto
ike-proposal 1
local-id-type fqdn
remote-id-type fqdn
remote-id 10.1.61.12
local-id 10.1.61.11
remote-address 10.1.61.12
certificate local-filename 10.1.61.11.crt
#
ipsec policy ipsec1291028263 1 isakmp
security acl 3000
ike-peer ike12910282665
proposal prop12910282665
tunnel local applied-interface
alias IPSec_Cert
sa trigger-mode auto
sa duration traffic-based 5242880
sa duration time-based 3600
#
aaa
manager-user admin
password cipher @%@%gM0~%~ui"Dz.561VQjeBacGT).AVB2cUf2k1$%#pgF]OcGWa@%@%
service-type web terminal telnet
level 15
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.61.11 255.255.255.0
service-manage ping permit
ipsec policy ipsec1291028263
#
interface LoopBack0
ip address 10.1.100.100 255.255.255.0
#
firewall zone dmz
set priority 50
add interface GigabitEthernet1/0/2
#
ip route-static 10.1.200.0 255.255.255.0 10.1.61.12
#
security-policy
rule name IPSec
source-address 10.1.100.0 255.255.255.0
destination-address 10.1.200.0 255.255.255.0
action permit
rule name IKE
source-zone local
destination-zone dmz
action permit
#
snmp-agent
snmp-agent local-engineid 800007DB032C9D1E2BEC4E
snmp-agent community read cipher %^%#l[:y4pLX*,:rN$:%LZB)wR#l9RZ[C8hBRo([8[(/kG8SY:cj-F-@^+Uu@Tu2t&x:F-lIs0dz>;G6LEl"%^%# mib-view iso-view
snmp-agent community write cipher %^%#ei}rKjLw,BBrPdO\Wi}5)~6O>:ZLhP!:mx>e5;.21;TvX^4I-RZj0YQ/hc,<n&lp::wE)-v[ul0"@K9T%^%# mib-view iso-view
snmp-agent sys-info version v2c v3
snmp-agent target-host trap address udp-domain 172.21.20.77 params securityname cipher %^%#,N#:NHR(T@_d/J*GHi[7(NqUQ_YcWFbZBM58JR"U%^%# v2c
snmp-agent mib-view included iso-view iso
snmp-agent trap enable
#
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
protocol inbound all
#
return

17.4.2 FW2 Configuration


#
sysname FW2
#
FTP server enable
#
acl number 3000
rule 5 permit ip source 10.1.200.0 0.0.0.255 destination 10.1.100.0 0.0.0.255
#
ipsec proposal prop12910292355
encapsulation-mode auto
esp authentication-algorithm sha2-256
esp encryption-algorithm aes-256
#
ike proposal 1
encryption-algorithm aes-256
dh group2
authentication-algorithm sha2-256
authentication-method rsa-signature
integrity-algorithm hmac-sha2-256
prf hmac-sha2-256
#
ike peer ike129102923557
exchange-mode auto
ike-proposal 1
local-id-type fqdn
remote-id-type fqdn
remote-id 10.1.61.11
local-id 10.1.61.12
remote-address 10.1.61.11
certificate local-filename 10.1.61.12.crt
#
ipsec policy ipsec1291029238 1 isakmp
security acl 3000
ike-peer ike129102923557
proposal prop12910292355
tunnel local applied-interface
alias IPSec_Cert
sa trigger-mode auto
sa duration traffic-based 5242880
sa duration time-based 3600
#
aaa
manager-user admin
password cipher @%@%LaN!4}F\c@t^yYS25YLIh;=yW`7=(uO{e0kj*^9"qliI;=|h@%@%
service-type web terminal telnet
level 15
#
interface GigabitEthernet1/0/2
undo shutdown
ip address 10.1.61.12 255.255.255.0
service-manage ping permit
ipsec policy ipsec1291029238
#
interface LoopBack0
ip address 10.1.200.100 255.255.255.0
#
firewall zone dmz
set priority 50
add interface GigabitEthernet1/0/2
#
ip route-static 10.1.100.0 255.255.255.0 10.1.61.11
#
security-policy
rule name IPSec
source-address 10.1.200.0 255.255.255.0
destination-address 10.1.100.0 255.255.255.0
action permit
rule name IKE
source-zone local
destination-zone dmz
action permit
#
snmp-agent
snmp-agent local-engineid 800007DB032C9D1E2BEC6A
snmp-agent community read cipher %^%#9D(ySt.+p&UAkX'b'TrLDSk[)hx<mPin#$)A0y;V|WD8M8@`VTY=A|2$,/L0]2c//yhE|UV<_H#!PO}W%^%# mib-view iso-view
snmp-agent community write cipher %^%#7wr%=mxye7J/4.0Cq\E3RuA4TfbKa;uq;i)-"U72\9bN#Bu2x~8GT2RqWzHJC}9t4>@8~<v:sDRw/!yR%^%# mib-view iso-view
snmp-agent sys-info version v2c v3
snmp-agent target-host trap address udp-domain 172.21.20.77 params securityname cipher %^%#fF<jD/a71/`YuSA$n!"#Wi/tI{62gW]`ALHZn(CD%^%# v2c
snmp-agent mib-view included iso-view iso
snmp-agent trap enable
#
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
protocol inbound all
#
return
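Two settings that appear throughout these reference configurations deserve a second look before they are copied into production. The SNMP commands in Lab 15 Step 2 (repeated on FW1 and FW2 in Lab 16) enable SNMPv2c with a read community and a write community that are both bound to a view covering the whole iso subtree: v2c sends the community string in cleartext and has no message integrity, so anyone who captures one Admin@123 packet on the management network can rewrite device configuration. The ike proposal in the Lab 17 reference configurations negotiates dh group2, the 1024-bit MODP group, and the ipsec policy sets no PFS. The following Python is an added example, not code from the lab guide or from Huawei: a small configuration auditor that reads VRP-style text and reports those conditions. The sample input is constructed from the FW3 commands in Lab 15 Step 2 and the FW1 ike/ipsec blocks in Lab 17; the 2048-bit floor for the DH group and the use of a pfs keyword in the ipsec policy view are assumptions of the checker.

```python
import re

# Constructed sample: the SNMP commands entered on FW3 in Lab 15 Step 2 and the
# ike/ipsec blocks from the FW1 reference configuration in Lab 17, as shown on this page.
SAMPLE_CONFIG = """\
snmp-agent
snmp-agent sys-info version v2c
snmp-agent mib-view included iso-view iso
snmp-agent community read Huawei@123 mib-view iso-view
snmp-agent community write Admin@123 mib-view iso-view
snmp-agent target-host trap address udp-domain 172.21.20.77 params securityname adminnms v2c
snmp-agent trap enable
#
ike proposal 1
 encryption-algorithm aes-256
 dh group2
 authentication-algorithm sha2-256
 authentication-method rsa-signature
 integrity-algorithm hmac-sha2-256
 prf hmac-sha2-256
#
ipsec policy ipsec1291028263 1 isakmp
 security acl 3000
 ike-peer ike12910282665
 proposal prop12910282665
 sa duration time-based 3600
#
"""

# MODP groups below a 2048-bit floor (assumption: policy requires group14 or stronger).
WEAK_DH_GROUPS = {"group1": 768, "group2": 1024, "group5": 1536}


def split_blocks(config):
    """Split a VRP-style configuration into '#'-delimited blocks of stripped lines."""
    blocks, current = [], []
    for raw in config.splitlines():
        line = raw.strip()
        if line == "#":
            if current:
                blocks.append(current)
                current = []
        elif line:
            current.append(line)
    if current:
        blocks.append(current)
    return blocks


def audit_snmp(lines):
    findings = []
    full_views = set()  # views that include the whole iso subtree
    for line in lines:
        # Switch form "mib-view included <view> iso" and AC form "mib-view <view> include iso".
        m = re.match(r"snmp-agent mib-view (?:included (\S+)|(\S+) include) iso$", line)
        if m:
            full_views.add(m.group(1) or m.group(2))
    for line in lines:
        m = re.match(r"snmp-agent sys-info version (.+)$", line)
        if m and {"v1", "v2c"} & set(m.group(1).split()):
            findings.append(("snmp-v1v2c", "community-based SNMP: cleartext, no integrity"))
        m = re.match(r"snmp-agent community (read|write) (?:cipher )?\S+ mib-view (\S+)", line)
        if m:
            mode, view = m.groups()
            if mode == "write":
                findings.append(("snmp-write-community", "SET access via community string"))
            if view in full_views:
                findings.append((f"snmp-{mode}-full-view", f"{mode} community bound to full iso view"))
    return findings


def audit_ike(lines):
    findings = []
    for line in lines:
        m = re.match(r"dh (group\d+)$", line)
        if m and m.group(1) in WEAK_DH_GROUPS:
            findings.append(("ike-weak-dh", f"{m.group(1)} is {WEAK_DH_GROUPS[m.group(1)]}-bit MODP"))
        if line == "authentication-method pre-share":
            findings.append(("ike-psk", "pre-shared key authentication"))
    return findings


def audit_ipsec_policy(lines):
    # Assumption: PFS is configured with a "pfs ..." line in the ipsec policy view.
    if not any(line.startswith("pfs") for line in lines[1:]):
        return [("ipsec-no-pfs", f"{lines[0]}: IPsec SA keys derived from the IKE SA only")]
    return []


def audit(config):
    """Return (code, detail) findings for every block in the configuration."""
    findings = []
    for block in split_blocks(config):
        head = block[0]
        if head.startswith("snmp-agent"):
            findings += audit_snmp(block)
        elif head.startswith("ike proposal"):
            findings += audit_ike(block)
        elif head.startswith("ipsec policy") and head.endswith("isakmp"):
            findings += audit_ipsec_policy(block)
    return findings


if __name__ == "__main__":
    for code, detail in audit(SAMPLE_CONFIG):
        print(f"{code:24} {detail}")
```

On the page's own configuration the auditor reports the v2c version, the write community, both communities on the full view, the 1024-bit DH group and the missing PFS, and it does not report a pre-shared key because the lab uses rsa-signature. Run it against display current-configuration output after joining any wrapped lines; for production the remediation is SNMPv3 with authentication and privacy, no write community, and a 2048-bit or larger DH group with PFS on the ipsec policy.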