informatique:extreme_networks
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revision | Last revisionBoth sides next revision | ||
informatique:extreme_networks [2023/09/07 10:09] – mgmt port pteu | informatique:extreme_networks [2023/09/25 16:09] – [netlogin mac auth] pteu | ||
---|---|---|---|
Line 1104: | Line 1104: | ||
configure mac-locking ports 47 static [add | enable | disable] @MAC | configure mac-locking ports 47 static [add | enable | disable] @MAC | ||
</ | </ | ||
+ | |||
+ | ====authentification par mac==== | ||
+ | |||
+ | On peut également faire vérifier l' | ||
+ | |||
+ | ===Configuration côté switch=== | ||
+ | <code bash> | ||
+ | # création du VLAN d' | ||
+ | create vlan v10_Users tag 10 | ||
+ | create vlan v666_Accueil tag 666 | ||
+ | ! | ||
+ | # configuration du serveur Radius | ||
+ | configure radius netlogin primary server 10.4.1.1 1814 client-ip 10.5.255.253 vr VR-Default | ||
+ | configure radius netlogin primary shared-secret encrypted " | ||
+ | ! | ||
+ | # configuration de l' | ||
+ | |||
+ | configure netlogin vlan v666_Accueil | ||
+ | enable netlogin mac | ||
+ | configure netlogin mac authentication database-order radius | ||
+ | # on active la protection MAC sur les port 1 à 8 (arbitraire) | ||
+ | enable netlogin ports 1-8 mac | ||
+ | configure netlogin add mac-list ff: | ||
+ | ! | ||
+ | enable radius | ||
+ | enable radius netlogin | ||
+ | </ | ||
+ | |||
+ | ===Configuration côté serveur Radius=== | ||
+ | Dans le cas de freeradius, il faut : | ||
+ | * ajouter l'IP du switch (10.5.255.253) et son " | ||
+ | * activer le plugin **authorized_macs** | ||
+ | * peupler le fichier **authorized_macs** avec la liste des adresses MAC permises (format 00-11-22-33-44-55) | ||
+ | * dans la section authorize de la configuration du site : | ||
+ | <file site-enabled/ | ||
+ | [...] | ||
+ | authorize { | ||
+ | | ||
+ | # convertir l'@ mAC dans le bon format | ||
+ | | ||
+ | # | ||
+ | | ||
+ | if (ok) { | ||
+ | # The MAC address was found, so update Auth-Type to accept this auth. | ||
+ | update control { | ||
+ | | ||
+ | } | ||
+ | update reply { | ||
+ | | ||
+ | | ||
+ | | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | [...] | ||
+ | </ | ||
+ | |||
=====Spanning-tree===== | =====Spanning-tree===== | ||
informatique/extreme_networks.txt · Last modified: 2023/12/21 15:11 by pteu