George Persian Logout

07-Certificate-Based 802.1X Authentication

Certificate-Based 802.1X Authentication

To view this video, click the download link.

 

Software Version Used

This video was recorded based on the following versions:

l          iMC: PLAT 3.20-E2403, iMC UAM 3.20-E0402

l          iNode: iNode 2.40-C0341

Web interfaces of different versions may vary.

 

Application Scenario

In some network environments, administrators intend to verify user identities in a securer way. Certificate authentication is a popular solution for this purpose.

 

Recommended Configuration Flow

 

Step1   Add Access Device

Add an access device that supports 802.1X and AAA to the iMC system, so that the access device can cooperate with the iMC system to deliver 802.1X and AAA features.

Step2   Configure Certificate

To implement certificate authentication on the iMC system, you need to obtain a root certificate and a server certificate from the certificate server and then import the certificates to the iMC system.

This step shows how to obtain certificates and import them to the iMC system.

Step3   Add Service

Add a service to the iMC system.

A service is a set of policies for user authentication and authorization.

This step shows how to add a service that contains the certificate authentication policy to the iMC system. Users who apply for this service need to pass the certificate authentication.

Step4   Add Account

Add an access account to the iMC system.

A user’s access account is the identity card used by the user to connect to the network. It includes the account name and password.

This step shows how to add a user account to the iMC and apply for the service configured at step 3.

Step5   Configure Access Device

An access device is used to control access of users. It allows authenticated users and denies unauthorized users.

This step shows how to configure a RADIUS scheme, an ISP domain and the 802.1X feature on the device.

Step6   Configure Certificate on User PC

To implement certificate authentication on the iNode client, you need to download a root certificate and request a client certificate from the certificate server, and then install the certificates.

Step7   Configure iNode Connection

An iNode client refers to the authentication client installed on terminal users' PC to work with iMC.

This step shows how to:

1)        Create an 802.1X connection

2)        Use the account added at step 4 to initiate authentication.