H3C Technologies H3C WX3000E Series Wireless Switches User Manual
H3C WX Series Access Controllers, Security Configuration Guide
This manual is related to the following products:
- H3C WX5500E Series Access Controllers
- H3C WX3500E Series Access Controllers
- H3C WX2500E Series Access Controllers
- H3C WX6000 Series Access Controllers
- H3C WX5000 Series Access Controllers
- H3C LSWM1WCM10 Access Controller Module
- H3C LSUM3WCMD0 Access Controller Module
- H3C LSUM1WCME0 Access Controller Module
- H3C LSWM1WCM20 Access Controller Module
- H3C LSQM1WCMB0 Access Controller Module
- H3C LSRM1WCM2A1 Access Controller Module
- H3C LSBM1WCM2A0 Access Controller Module
- H3C WA3600 Series Access Points
- H3C WA2600 Series WLAN Access Points
- H3C S10500 Series Switches
- H3C S5800 Series Switches
- H3C S5820X Series Switches
- H3C S12500 Series Switches
- H3C S9500E Series Switches
- H3C MSR 5600
- H3C MSR 50
- H3C MSR 3600
- H3C MSR 30
- H3C MSR 2600
- H3C MSR 20-2X[40]
- H3C MSR 20-1X
- H3C MSR 930
- H3C MSR 900
- H3C SR8800
- H3C SR6600-X
- H3C SR6600
- H3C SecPath F5020
- H3C SecPath F5040
- H3C VMSG VFW1000
Document Outline
- Title Page
- Preface
- Contents
- Configuring AAA
- AAA overview
- AAA configuration considerations and task list
- Configuring AAA schemes
- Configuring local users
- Configuring RADIUS schemes
- RADIUS scheme configuration task list
- Creating a RADIUS scheme
- Specifying the RADIUS authentication/authorization servers
- Specifying the RADIUS accounting servers and the relevant parameters
- Specifying the shared keys for authenticating RADIUS packets
- Setting the supported RADIUS server type
- Setting the maximum number of RADIUS request transmission attempts
- Setting the status of RADIUS servers
- Setting the username format and traffic statistics units
- Specifying the source IP address for outgoing RADIUS packets
- Specifying a backup source IP address for outgoing RADIUS packets
- Setting timers for controlling communication with RADIUS servers
- Configuring RADIUS accounting-on
- Configuring the IP address of the security policy server
- Enabling the RADIUS offload feature
- Configuring interpretation of RADIUS class attribute as CAR parameters
- Enabling the trap function for RADIUS
- Enabling logging of RADIUS packets
- Enabling the RADIUS listening port of the RADIUS client
- Displaying and maintaining RADIUS
- Configuring HWTACACS schemes
- HWTACACS configuration task list
- Creating an HWTACACS scheme
- Specifying the HWTACACS authentication servers
- Specifying the HWTACACS authorization servers
- Specifying the HWTACACS accounting servers and the relevant parameters
- Specifying the shared keys for authenticating HWTACACS packets
- Setting the username format and traffic statistics units
- Specifying a source IP address for outgoing HWTACACS packets
- Setting timers for controlling communication with HWTACACS servers
- Displaying and maintaining HWTACACS
- Configuring LDAP schemes
- LDAP configuration task list
- Creating an LDAP scheme
- Specifying the LDAP authentication server
- Specifying the LDAP authorization server
- Specifying the LDAP version
- Specifying the LDAP server type
- Setting the LDAP server timeout period
- Configuring administrator attributes
- Configuring LDAP user attributes
- Configuring LDAP group attributes
- Displaying and maintaining LDAP
- Configuring AAA methods for ISP domains
- Tearing down user connections forcibly
- Configuring local EAP authentication
- Configuring a NAS ID-VLAN binding
- Specifying the device ID used in stateful failover mode
- Displaying and maintaining AAA
- AAA configuration examples
- HWTACACS authentication and authorization for Telnet users
- Local authentication and HWTACACS authorization for Telnet users
- RADIUS authentication, authorization, and accounting for wireless users
- Authentication for Telnet users by an LDAP server
- AAA for portal users by a RADIUS server
- AAA for 802.1X users by a RADIUS server
- Local EAP authentication and authorization for 802.1X users
- RADIUS offload for 802.1X users
- Level switching authentication for Telnet users by an HWTACACS server
- Local EAP authentication for 802.1X users by an LDAP server
- Control of Temporary Access of Wireless Users
- Troubleshooting AAA
- 802.1X overview
- Configuring 802.1X
- H3C implementation of 802.1X
- Configuration prerequisites
- 802.1X configuration task list
- Enabling EAP relay or EAP termination
- Setting the maximum number of concurrent 802.1X users on a port
- Setting the maximum number of authentication request attempts
- Setting the 802.1X authentication timeout timers
- Configuring the online user handshake function
- Configuring the authentication trigger function
- Specifying a mandatory authentication domain on a port
- Configuring the quiet timer
- Enabling the periodic online user re-authentication function
- Configuring an 802.1X guest VLAN
- Configuring an Auth-Fail VLAN
- Specifying supported domain name delimiters
- Configuring the accounting delay feature
- Displaying and maintaining 802.1X
- 802.1X authentication configuration example
- 802.1X with ACL assignment configuration example
- Configuring MAC authentication
- Overview
- Using MAC authentication with other features
- MAC authentication configuration task list
- Basic configuration for MAC authentication
- Specifying an authentication domain for MAC authentication users
- Configuring a MAC authentication guest VLAN
- Displaying and maintaining MAC authentication
- MAC authentication configuration examples
- Configuring portal authentication
- Overview
- Portal configuration task list
- Configuration prerequisites
- Specifying a portal server for Layer 3 portal authentication
- Configuring the local portal server
- Enabling Layer 3 portal authentication
- Controlling access of portal users
- Configuring RADIUS related attributes
- Specifying a source IP address for outgoing portal packets
- Configuring MAC-based quick portal authentication
- Associating an SSID and AP with a portal server and authentication domain
- Configuring portal stateful failover
- Specifying an auto redirection URL for authenticated portal users
- Configuring portal detection functions
- Logging off portal users
- Enabling logging for portal packets
- Configuring to carry parameters in the redirection URL
- Displaying and maintaining portal
- Portal configuration examples
- Configuring direct portal authentication
- Configuring re-DHCP portal authentication
- Configuring direct portal authentication with extended functions
- Configuring re-DHCP portal authentication with extended functions
- Configuring portal stateful failover
- Configuring portal server detection and portal user information synchronization
- Configuring direct portal authentication using local portal server
- Configuring portal stateful failover with local portal servers
- Troubleshooting portal
- Configuring port security
- Overview
- Port security configuration task list
- Enabling port security
- Setting port security's limit on the number of MAC addresses on a port
- Setting the port security mode
- Configuring port security features
- Configuring port security for WLAN ports
- Ignoring authorization information from the server
- Enabling remote authentication proxy
- Displaying and maintaining port security
- Port security configuration examples
- Troubleshooting port security
- Configuring a user profile
- Configuring password control
- Managing public keys
- Configuring PKI
- Overview
- PKI configuration task list
- Configuring an entity DN
- Configuring a PKI domain
- Submitting a PKI certificate request
- Retrieving a certificate manually
- Configuring PKI certificate verification
- Destroying a local RSA key pair
- Deleting a certificate
- Configuring an access control policy
- Displaying and maintaining PKI
- PKI configuration examples
- Troubleshooting PKI
- Configuring SSH2.0
- Overview
- Configuring the access controller as an SSH server
- Configuring the access controller as an SSH client
- Displaying and maintaining SSH
- SSH server configuration examples
- SSH client configuration examples
- Configuring SFTP
- Configuring SSL
- Configuring TCP attack protection
- Configuring ARP attack protection
- Overview
- ARP attack protection configuration task list
- Configuring unresolvable IP attack protection
- Configuring ARP packet rate limit
- Configuring source MAC address based ARP attack detection
- Configuring ARP packet source MAC address consistency check
- Configuring ARP active acknowledgement
- Configuring ARP detection
- Configuring ARP gateway protection
- Configuring ARP filtering
- Configuring FIPS
- Configuring IPsec
- Overview
- IPsec configuration task list
- Configuring an IPsec proposal
- Configuring an IPsec policy
- Applying an IPsec policy group to an interface
- Configuring IPsec stateful failover
- Displaying and maintaining IPsec
- Configuration example for IPsec between AC and AP
- IPsec stateful failover configuration example
- Configuring IKE
- Overview
- IKE configuration task list
- Configuring a name for the local security gateway
- Configuring an IKE proposal
- Configuring an IKE peer
- Setting keepalive timers
- Setting the NAT keepalive timer
- Configuring a DPD detector
- Disabling next payload field checking
- Displaying and maintaining IKE
- IKE configuration example
- Troubleshooting IKE
- Index