
03-Account-Access Device Binding


To view this video, click the download link.

 

Software Version Used

This video was recorded based on the following versions:

•   iMC versions: iMC PLAT 3.20-E2403, iMC UAM 3.20-E0402

•   iNode version: iNode 2.40-C0341

Web interfaces of different versions may vary.

 

Application Scenario

In a network, security levels and accounting standards may vary in different areas. Hence, it is always necessary to prevent an account from being used in different areas. The iMC UAM provides the account-access device binding function to limit an account’s access to the network to a specified device, port, or VLAN, thus effectively addressing the problem described earlier.

 

Recommended Configuration Flow

 

Step1   Add Access Device.

Add an access device that supports 802.1X and AAA to the iMC system, so that the access device can cooperate with the iMC system to deliver 802.1X and AAA features.

Step2   Add a service.

A service is a set of policies for user authentication and authorization.

The service added in this step includes an access device binding policy, where the access device's IP address, access port, and VLAN are to be bound with the account. Users using this service are constrained by this access device binding policy.

Step3   Add Account.

Each user accessing the network must have an account configured in the iMC. It contains information such as the account name, password, the IP address of the access device, the access port, and VLAN.

This step shows how to add an account to the iMC system and apply for the service configured at step 2.

Step4   Configure Access Device.

An access device is used to control access of users. Users that pass the authentication are allowed to access the network, while those who fail to pass the authentication are denied access.

This step shows how to configure a RADIUS scheme, an ISP domain, and the 802.1X feature, thus ensuring that users can normally access the network after passing the authentication.

Step5   Verify Configuration.

The iNode client is the authentication client installed on terminal users' PCs to work with iMC.

This step shows that:

1)        When a user meets all the binding rules, it can pass authentication.

2)        When the user access VLAN is inconsistent with the bound VLAN, the user fails to pass authentication.

3)        When the user access port is inconsistent with the bound port, the user fails to pass authentication.

4)        When the IP of the access device is inconsistent with the bound device IP, the user fails to pass authentication.
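
The four outcomes listed in Step 5 can be modelled as a check over the values the access device reports for a login attempt. The following Python code is an added example, not iMC UAM code; the request field names (nas_ip, nas_port_id) and the "slot=..;port=..;vlanid=.." string layout are assumptions made for illustration, and all sample values are constructed.

```python
# Simplified model of an account-to-access-device binding check (added example).
# Field names and the "slot=..;port=..;vlanid=.." string layout are assumptions
# for illustration, not the format iMC UAM or any specific switch uses.
import ipaddress
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Binding:
    """Values bound to an account; None means that item is not bound."""
    device_ip: Optional[str] = None
    port: Optional[str] = None
    vlan: Optional[int] = None


def parse_port_id(port_id: str) -> dict:
    """Split a constructed 'key=value;key=value' port string into a dict."""
    fields = {}
    for part in port_id.split(";"):
        key, sep, value = part.partition("=")
        if sep and key.strip():
            fields[key.strip().lower()] = value.strip()
    return fields


def check_binding(binding: Binding, request: dict) -> tuple:
    """Return (allowed, reason). A bound item missing from the request is a
    mismatch (fail closed), so a device that omits it cannot bypass the rule."""
    info = parse_port_id(request.get("nas_port_id", ""))
    if binding.device_ip is not None:
        try:
            seen = ipaddress.ip_address(request.get("nas_ip", ""))
            if seen != ipaddress.ip_address(binding.device_ip):
                return False, "device IP mismatch"
        except ValueError:
            return False, "device IP mismatch"
    if binding.port is not None and info.get("port") != binding.port:
        return False, "port mismatch"
    if binding.vlan is not None and info.get("vlanid") != str(binding.vlan):
        return False, "VLAN mismatch"
    return True, "all bound items match"


# Constructed sample data: one account bound to device, port and VLAN.
BOUND = Binding(device_ip="192.0.2.10", port="5", vlan=10)
GOOD = {"nas_ip": "192.0.2.10", "nas_port_id": "slot=1;subslot=0;port=5;vlanid=10"}
```
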