2025-02-25 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
RADIUS Authentication Scheme of Wireless access to ACS in a Banking system
Project background:
Wireless access and IPSEC encryption are now commonly used for a bank's off-premises equipment. This article covers the RADIUS authentication function of ACS.
Project information:
Hengkang 3G Unicom uses 3G/4G wireless dial-up to dial in to the operator.
The operator verifies the SIM card information (whether it is in arrears, whether it belongs to the VPDN).
After successful authentication the operator does not assign an IP address; it forwards the authentication information to the LNS.
After receiving the authentication information, the LNS passes it to ACS for authentication.
ACS receives the authentication information and assigns an IP address once authentication passes.
Hengkang 3G obtains the IP address 1.8.8.8.
The LNS has a route to 1.8.8.8 but no route to 11.2.2.0.
The × × gateway has a route to 1.8.8.8, but it is not published to the intranet.
The Hengkang 3G link establishes an IPSEC tunnel with the × × gateway.
The terminal can finally ping the test server.
ACS partial configuration
Create device properties and assign attributes to devices
Location attribute
Location of the named device: LNS_beijing
Type attribute
Create the device type under all routers; LNS_Cisco belongs to all routers
Name the device type LNS_Cisco
Create an AAA client and specify the parameters that the client has
The two attributes created earlier are referenced here to form an attribute group.
Named LNS_Cisco
Location belongs to LNS_beijing
Type is LNS_Cisco
IP is 192.168.5.41
The shared key is cisco
Create user attributes
Assign attributes to users
IP address assignment Properties
This property controls whether IP addresses are allowed to be assigned when a user is created.
Create user group attributes:
Two groups, daily and disaster recovery, have been set up here.
Create a user account. In this case, the user belongs to the disaster recovery group.
Create a policy component:
Authorization policies require the use of policy components
Name it ABC_3G_VPDN_Authorization.
RADIUS Attributes Tab
Allow allocation of IPV4 addresses
Create a user access policy:
Create an authentication service
Select matching module
Click Save
Create access rules:
After matching the selected entries, use the ABC_3G_VPDN_Access service you just created
Return to modify the specific content of the service.
Match disaster recovery users and IP authorization rules in detail.
Change the default rule to reject
View the effect
View the matching user name, admission rules, access device, and IP address.
Click the magnifying glass to view details.
The test devices are all Cisco simulators.
LNS configuration
aaa new-model
!
!
! authentication
aaa authentication ppp default if-needed group radius
! authorization
aaa authorization network default group radius
! audit (accounting)
aaa accounting network default start-stop group radius
! server address and key
radius-server host 192.168.5.247 key cisco
interface Serial4/0
 ip address 192.168.8.254 255.255.255.0
 encapsulation ppp
 no peer default ip address
 ppp authentication chap
 serial restart-delay 0
 no cdp enable
!
PPP configuration
interface Serial4/0
 ip address negotiated
 encapsulation ppp
 ppp chap hostname bfby
 ppp chap password 0 bfby
 ppp ipcp route default
 serial restart-delay 0
!
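The RADIUS exchange between the LNS and ACS described under "Project information", using the values from the configuration above (CHAP user and password bfby, shared key cisco, assigned address 1.8.8.8). This is an added example, not code from the original article or from Cisco; the function names, packet IDs and the CHAP challenge are constructed for illustration. It shows that the PPP password never reaches the LNS in clear, and that the shared key is the only thing authenticating the reply that carries the assigned IP.

```python
import hashlib, hmac, ipaddress, os, struct
USER_NAME, CHAP_PASSWORD, FRAMED_IP, CHAP_CHALLENGE = 1, 3, 8, 60  # RFC 2865 types

def attr(t, value):
    return bytes([t, len(value) + 2]) + value

def parse_attrs(pkt):
    out, i = {}, 20  # attributes start after the 20-byte header
    while i + 2 <= len(pkt):
        t, n = pkt[i], pkt[i + 1]
        if n < 2 or i + n > len(pkt):
            raise ValueError("malformed attribute")
        out[t], i = pkt[i + 2:i + n], i + n
    return out

def chap_response(chap_id, password, challenge):
    # RFC 1994: MD5(identifier || password || challenge), computed by the PPP peer
    return hashlib.md5(bytes([chap_id]) + password + challenge).digest()

def lns_access_request(pkt_id, user, chap_id, response, challenge, req_auth=None):
    # LNS relays the peer's CHAP answer to ACS; it never sees the password itself
    attrs = (attr(USER_NAME, user) + attr(CHAP_PASSWORD, bytes([chap_id]) + response)
             + attr(CHAP_CHALLENGE, challenge))
    req_auth = req_auth or os.urandom(16)
    return struct.pack("!BBH", 1, pkt_id, 20 + len(attrs)) + req_auth + attrs

def acs_reply(request, users, secret, pool_ip):
    # ACS recomputes the CHAP hash from its user store, then signs the reply
    a = parse_attrs(request)
    chap_id, got = a[CHAP_PASSWORD][0], a[CHAP_PASSWORD][1:]
    want = chap_response(chap_id, users.get(a[USER_NAME], b""), a[CHAP_CHALLENGE])
    ok = a[USER_NAME] in users and hmac.compare_digest(got, want)
    code = 2 if ok else 3  # Access-Accept / Access-Reject
    attrs = attr(FRAMED_IP, ipaddress.IPv4Address(pool_ip).packed) if ok else b""
    head = struct.pack("!BBH", code, request[1], 20 + len(attrs))
    # Response Authenticator = MD5(Code+ID+Length+RequestAuth+Attributes+Secret)
    return head + hashlib.md5(head + request[4:20] + attrs + secret).digest() + attrs

def lns_accept_ip(request, reply, secret):
    # LNS trusts Framed-IP-Address only if the reply was made with the shared key
    want = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + secret).digest()
    if reply[0] != 2 or reply[1] != request[1] or not hmac.compare_digest(want, reply[4:20]):
        return None
    return str(ipaddress.IPv4Address(parse_attrs(reply)[FRAMED_IP]))

def demo():  # constructed run with the page's values: user/password bfby, key cisco
    chal = bytes(range(16))  # constructed challenge; a real LNS uses random bytes
    req = lns_access_request(7, b"bfby", 1, chap_response(1, b"bfby", chal), chal)
    return lns_accept_ip(req, acs_reply(req, {b"bfby": b"bfby"}, b"cisco", "1.8.8.8"), b"cisco")
```

Because the reply check depends entirely on the shared key, a production deployment should replace the lab value with a long random secret that is unique per AAA client.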
Original download address: http://wenku.baidu.com/view/0b11ee6eb0717fd5370cdcba