|03-Account-Access Device Binding-Account-Access Device Binding.rar||2.35 MB|
1 Account-Access Device Binding
To view this video, click the download link.
Software Version Used
This video was recorded based on the following versions:
- iMC versions: iMC PLAT 3.20-E2403, iMC UAM 3.20-E0402
- iNode version: iNode 2.40-C0341
Web interfaces of different versions may vary.
In a network, security levels and accounting standards may vary between areas, so it is always necessary to prevent an account from being used in different areas. The iMC UAM provides the account-access device binding function, which limits an account's network access to a specified device, port, or VLAN and so addresses this problem.
Recommended Configuration Flow
Step 1 Add Access Device.
Add an access device that supports 802.1X and AAA to the iMC system, so that the access device can cooperate with the iMC system to deliver 802.1X and AAA features.
Step 2 Add a service.
A service is a set of policies for user authentication and authorization.
The service added in this step includes an access device binding policy, where the access device's IP address, access port, and VLAN are to be bound with the account. Users using this service are constrained by this access device binding policy.
Step 3 Add Account.
Each user accessing the network must have an account configured in the iMC. The account contains information such as the account name, password, the IP address of the access device, the access port, and VLAN.
This step shows how to add an account to the iMC system and apply for the service configured at step 2.
Step 4 Configure Access Device.
An access device is used to control access of users. Users that pass the authentication are allowed to access the network, while those who fail to pass the authentication are denied access.
This step shows how to configure a RADIUS scheme, an ISP domain, and the 802.1X feature, thus ensuring that users can normally access the network after passing the authentication.
Step 5 Verify Configuration.
The iNode client is the authentication client installed on terminal users' PCs to work with iMC.
This step shows that:
1) When a user meets all the binding rules, the user passes authentication.
2) When the user access VLAN is inconsistent with the bound VLAN, the user fails to pass authentication.
3) When the user access port is inconsistent with the bound port, the user fails to pass authentication.
4) When the IP of the access device is inconsistent with the bound device IP, the user fails to pass authentication.
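The four verification outcomes above can be modelled as a binding check on the RADIUS request attributes. This is an added example, not iMC UAM code: it assumes the access device reports its address in NAS-IP-Address and its port and VLAN in a NAS-Port-Id string of the form `slot=…;subslot=…;port=…;vlanid=…`, and all function names, the binding dictionary and the sample values are hypothetical. A bound field that is missing from the request is treated as a mismatch, so the check fails closed.

```python
import ipaddress
import struct

NAS_IP_ADDRESS, NAS_PORT_ID = 4, 87  # RADIUS attribute types (RFC 2865, RFC 2869)

def sample_request(ip="192.0.2.10", port="3", vlan="10"):
    """Build constructed Access-Request attributes as type-length-value bytes."""
    addr = ipaddress.IPv4Address(ip).packed
    pid = f"slot=1;subslot=0;port={port};vlanid={vlan}".encode()
    return (struct.pack("!BB", NAS_IP_ADDRESS, 2 + len(addr)) + addr +
            struct.pack("!BB", NAS_PORT_ID, 2 + len(pid)) + pid)

def parse_attrs(data):
    """Walk the attribute list; reject malformed lengths instead of guessing."""
    attrs, i = {}, 0
    while i < len(data):
        if i + 2 > len(data) or data[i + 1] < 2 or i + data[i + 1] > len(data):
            raise ValueError("malformed RADIUS attribute")
        attrs[data[i]] = data[i + 2:i + data[i + 1]]
        i += data[i + 1]
    return attrs

def access_point(data):
    """Return the device IP, port and VLAN the request arrived through."""
    attrs, point = parse_attrs(data), {}
    if len(attrs.get(NAS_IP_ADDRESS, b"")) == 4:
        point["device_ip"] = str(ipaddress.IPv4Address(attrs[NAS_IP_ADDRESS]))
    # Assumed NAS-Port-Id layout: "slot=1;subslot=0;port=3;vlanid=10"
    text = attrs.get(NAS_PORT_ID, b"").decode("ascii", "replace")
    fields = dict(kv.split("=", 1) for kv in text.split(";") if "=" in kv)
    for key, name in (("port", "port"), ("vlanid", "vlan")):
        if key in fields:
            point[name] = fields[key]
    return point

def check_binding(binding, data):
    """Compare every bound field; a missing or different value rejects."""
    seen = access_point(data)
    for field, bound in binding.items():
        if seen.get(field) != bound:
            return False, field
    return True, None

# Constructed binding policy for one account (hypothetical values).
BINDING = {"device_ip": "192.0.2.10", "port": "3", "vlan": "10"}

if __name__ == "__main__":
    for label, req in [("match", sample_request()), ("wrong VLAN", sample_request(vlan="20"))]:
        print(label, check_binding(BINDING, req))
```

A binding that lists only some fields, for example only the VLAN, constrains just those fields, which matches the "device, port, or VLAN" wording of the feature description.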