Posts

Showing posts from August, 2019

802.1x wired authentication with Huawei VRP Switch - (Unified Mode)

I found it very difficult to find the actual configuration steps that are required for 802.1x authentication in Huawei's VRP based switches. Huawei has two authentication modes: unified-mode and common-mode. I did not find any straightforward configuration guide on how to configure 802.1X in unified-mode. In today's blog article I will just try to address that. In this blog, I will just cover the configuration commands of Huawei VRP based switches in unified-mode authentication for 802.1x. I will not present a network topology and work with that. If someone is interested in a full network setup and example, I recommend reading part I and part II and comparing the configuration accordingly.

Verify authentication mode

First, we will check the current authentication mode the switch is running. If it is running "common-mode", we need to change it to "unified-mode". Changing authentication mode requires a restart of the switch. [sw] display au

802.1x wired authentication with Cisco IOS - Part II (Authenticator/Switch configuration)

In part I, we configured the client and server for our wired 802.1x authentication. Now we will configure the remaining part, which is the configuration of the authenticator/switch. We are using a Cisco switch with IOS version 15. Our topology looks like below. (Figure: Topology for 802.1x wired)

In our topology we have 4 vlans, which are server (id 245 - 172.16.245.0/24), client (id 246 - 172.16.246.0/24), guest (vlan id 247 - 172.16.247.0/24) and mgmt (vlan id 250 - 172.16.250.0/24). The NPS server has an IP address of 172.16.245.11/24. The router is the gateway to all of the vlans. The client will get an IP address from vlan 246 or 247 depending on 802.1x authentication status. The NPS server is also acting as a DHCP server for the different networks.

We are testing only dot1x authentication. There is no traffic filtering applied between client and guest vlan. When a client is placed into vlan 246 (client) or guest (246) by dot1x, it has the same level of network access. Here we are testi