Monday, November 7, 2022

Mikrotik ROS v7 User Manager v5 as RADIUS server (with VLAN)

PART 1. RADIUS server

A. Certificate Generation

menu System/Certificate

Certificates tab:

add (for CA)

General Tab

Name CA-Root
Common Name root

Key Usage Tab

key cert. sign
crl sign

select OK

General Tab

Sign CA-Root

add (for Server certificate)

General Tab

Name Cert-Server
Common Name server

Key Usage Tab

digital signature
key encipherment
data encipherment
key cert. sign
crl sign
tls client
tls server

select OK

General Tab

Sign Cert-Server (with CA CA-Root) 
Check Cert-Server as Trusted (General Tab)

B. User Manager

menu User Manager

Setting Tab

Check Enabled
Certificate: select the server certificate (from Certificate Generation)

User tab

add (for MAC auth)

Name 0C:66:17:E7:00:00 (MAC address in capital letters)
Attributes Tunnel-Medium-Type 6
Attributes Tunnel-Type 13
Attributes Tunnel-Private-Group-ID 100 (VLAN ID)

add (for 802.1x)

Name user1  (802.1x login username)
Password 12345 (802.1x login password)
Attributes Tunnel-Medium-Type 6
Attributes Tunnel-Type 13
Attributes Tunnel-Private-Group-ID 100 (VLAN ID)

Router tab

Name RT-1 (name for RADIUS client)
Shared secret 123456 (password for RADIUS client)
Address 10.1.1.254 (IP address for RADIUS client)

PART 2. RADIUS client

A. RADIUS client setup

menu RADIUS

add (for dot1x service)

Service dot1x
Address 10.1.1.1 (IP address for RADIUS server) (Be careful: this IP address must match the address of the RADIUS server interface that sends packets back to the client; otherwise, the received packets will be silently dropped.)
Secret 123456 (password for RADIUS client)

B. Dot1X server setup

menu Dot1X

Server Tab

add (for interface)

check dot1x (for 802.1x) or mac auth (for MAC auth)
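
An added example, not part of the original post: a Python sketch that builds and parses an Access-Accept carrying the three Tunnel-* attributes set on the users above and checks its Response Authenticator against the shared secret, which helps when reading a packet capture to see why a port did not land in VLAN 100. The function names and the sample Request Authenticator are constructed for illustration; attribute numbers and encoding follow RFC 2865, RFC 2868 and RFC 3580.

```python
import hashlib, hmac, struct

# RADIUS attribute numbers (RFC 2868) for the three attributes set on each user.
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
ACCESS_ACCEPT = 2

def _attr(attr_type, value):
    return bytes([attr_type, len(value) + 2]) + value

def build_accept(identifier, request_auth, secret, vlan_id):
    """Constructed Access-Accept: Tunnel-Type=13 (VLAN), Tunnel-Medium-Type=6 (IEEE-802)."""
    attrs = (_attr(TUNNEL_TYPE, b"\x00" + (13).to_bytes(3, "big"))
             + _attr(TUNNEL_MEDIUM_TYPE, b"\x00" + (6).to_bytes(3, "big"))
             + _attr(TUNNEL_PRIVATE_GROUP_ID, str(vlan_id).encode()))
    header = struct.pack("!BBH", ACCESS_ACCEPT, identifier, 20 + len(attrs))
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret), RFC 2865
    return header + hashlib.md5(header + request_auth + attrs + secret).digest() + attrs

def vlan_from_accept(packet, request_auth, secret):
    """Return the VLAN ID the attributes describe, or None if they do not describe one."""
    if len(packet) < 20:
        raise ValueError("packet shorter than RADIUS header")
    code, _ident, length = struct.unpack("!BBH", packet[:4])
    if code != ACCESS_ACCEPT or length != len(packet):
        raise ValueError("not a well-formed Access-Accept")
    attrs = packet[20:]
    expected = hashlib.md5(packet[:4] + request_auth + attrs + secret).digest()
    if not hmac.compare_digest(expected, packet[4:20]):
        raise ValueError("Response Authenticator mismatch: shared secret differs")
    fields, i = {}, 0
    while i < len(attrs):
        if i + 2 > len(attrs) or attrs[i + 1] < 2 or i + attrs[i + 1] > len(attrs):
            raise ValueError("bad attribute length")
        a_type, value = attrs[i], attrs[i + 2:i + attrs[i + 1]]
        if a_type in (TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE):
            fields[a_type] = int.from_bytes(value[1:4], "big")  # skip 1-byte tag
        elif a_type == TUNNEL_PRIVATE_GROUP_ID:
            if value and 0x01 <= value[0] <= 0x1F:              # optional tag byte
                value = value[1:]
            fields[a_type] = value.decode("ascii")
        i += attrs[i + 1]
    if fields.get(TUNNEL_TYPE) != 13 or fields.get(TUNNEL_MEDIUM_TYPE) != 6:
        return None
    group = fields.get(TUNNEL_PRIVATE_GROUP_ID, "")
    return int(group) if group.isdigit() else None

REQUEST_AUTH = bytes(range(16))  # constructed sample Request Authenticator
SAMPLE = build_accept(1, REQUEST_AUTH, b"123456", 100)  # secret and VLAN ID from this guide
```

A mismatch error from `vlan_from_accept` on a captured reply points at the Share secret / Secret pair in the Router tab and the RADIUS menu rather than at the VLAN attributes.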


