adnan.akbel@akt Publish time 2023-6-9 22:30:57

802.1x Authentication with Ruijie and Dynamic VLAN Assignment on Ruijie Cloud

Hello everyone! I want to show you how to configure 802.1x authentication with Ruijie and how you can configure dynamic VLAN assignment on Ruijie Cloud. The first step will be authentication with one VLAN and the second will be multiple VLANs. Let's begin!
                  


802.1x Authentication with Ruijie





After we have done the DC setup and VLAN configuration on the gateway and switch side, we move on to the NPS setup.
Now we set up the Active Directory Certificate Services and Network Policy and Access Services.

After the installation of the services is finished, we perform the configs of our certificate service.




We open our Network Policy Server and perform the registration process.

Now we select the Radius server for 802.1x wireless or wired connections scenario from the choosebar and we start the 802.1x configs.


Since I will show the VLAN structure later, I set my policy name according to my VLAN ID.


We add a Radius Client. Here, our clients become our APs. We add the local IP of the APs and resolve their IP to verify.


Then we determine the secret key that it will ask us for when we enter the information of our Radius server in the portal where we manage our access points.


We continue when we see the name of the client we added in the list.

We choose our Authentication method.


We add the group we created earlier in Active Directory.



And we finish the network policy setup.


We go to our management portal to make the configs on the access point side. In this scenario, I manage my Ruijie products in the Ruijie Cloud, since we perform the Ruijie Radius integration.
Now we adjust the Configuration>>Basic>>SSID settings.

Finally, we enter our Radius server information.



NOTE: Do not forget to disable the Windows firewall on the server. If you do not want to disable it, you need to write a rule for the relevant ports.
As of now, you can connect to the SSID you defined and go out to the internet with the user names and passwords you defined for the group's members (users) that will be provided wireless connection with this policy. Let's continue with defining more than one VLAN with the same SSID process.

DYNAMIC VLAN ASSIGNMENT IN RUIJIE

Our VLANs communicate with APs broadcasting SSIDs via Network Policy. We need to configure the policy separately for each VLAN and configure the VLAN IDs and settings such as the group where the users to be connected with that VLAN are defined. In the scenario we did above, we did not make these settings because we created a network with only native VLANs. This time we will configure our network policy, which we previously created with native VLAN, with VLAN settings for ID 70. You can also create the network policy for each VLAN you define as native and then configure it for the relevant VLAN.


Network Policy Side

Policies>>Network Policies>> We enter the relevant policy and add new ones to the standard Radius attributes.



Tunnel-Medium-Type






Tunnel-Pvt-Group-ID
The attribute where we define our VLAN ID. I added my VLAN with ID 70. You will also enter the ID you defined on the gateway and switch side in this section.



Tunnel-Type
After adding this, we choose apply and we move on to the operations on the AP side.



Ruijie Side
First of all, we open Ruijie APs because SSH service is disabled by default. By entering the interface of the AP directly:
Maintenance>>System>>Telnet>>SSH Services
Here we also set the admin password while making the SSH connection.


After the SSH connection is established, we enter the following commands.

config ter
vlan range 2-10
vlan-group 10
vlan-assign-mode dot1x
vlan-list 1-10
default-vlan 1
int gi 0/1.1
encapsulation dot1Q group 10
ip dhcp snooping trust
interface dot11radio 1/0.1
no encapsulation
encapsulation dot1Q group 10
interface dot11radio 2/0.1
no encapsulation
encapsulation dot1Q group 10
end
wr

NOTE: Enter the vlan range and vlan list commands considering your VLAN IDs.
We can see if our commands are working or not by entering the interface of the AP and checking whether the VLAN list is defined or not. In the image below, because I configured the vlan list as 1-100, up to 100 VLANs were defined. Or we can see the VLAN list with the show vlan group command.



If you want to make this config on all your APs via Ruijie Cloud:
When we do Configuration>>Basic>>Advanced Setting>>CLI Command>>Add and select the models of the devices that we want to apply the config to in the window that opens, and then enter the commands with one command on each line, the config will be applied on all the devices you select through those commands.



And it is done. Now there will be one SSID, and when the user logs in with his credentials, with the NPC we assign to the user and group that we have opened in Active Directory, he will be able to access the internet from the relevant VLAN.



I hope I could help.


Kind Regards / Adnan AKBEL
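
Added example, not part of the original post and not Ruijie or Microsoft code: dynamic VLAN assignment depends on the Access-Accept carrying all three attributes configured above (Tunnel-Type, Tunnel-Medium-Type, Tunnel-Pvt-Group-ID), so this Python code parses an Access-Accept and returns the VLAN only when the triplet is complete and well-formed. The numeric values (Tunnel-Type 13 = VLAN, Tunnel-Medium-Type 6 = 802) follow RFC 3580; the function names and the sample packets (VLAN 70, zeroed authenticator) are constructed for illustration.

```python
# RADIUS attribute numbers (RFC 2868) and the values RFC 3580 uses for VLAN assignment
TUNNEL_TYPE, TUNNEL_MEDIUM_TYPE, TUNNEL_PRIVATE_GROUP_ID = 64, 65, 81
ACCESS_ACCEPT, TYPE_VLAN, MEDIUM_IEEE_802 = 2, 13, 6

def parse_attributes(packet: bytes) -> dict:
    """Return {attribute type: [raw values]} from an Access-Accept (RFC 2865 layout)."""
    length = int.from_bytes(packet[2:4], "big")
    if packet[:1] != bytes([ACCESS_ACCEPT]) or not 20 <= length <= len(packet):
        raise ValueError("not a well-formed Access-Accept")
    attrs, pos = {}, 20  # skip code, id, length and the 16-byte authenticator
    while pos < length:
        if pos + 2 > length or packet[pos + 1] < 2 or pos + packet[pos + 1] > length:
            raise ValueError("bad attribute length")
        atype, alen = packet[pos], packet[pos + 1]
        attrs.setdefault(atype, []).append(packet[pos + 2:pos + alen])
        pos += alen
    return attrs

def tagged_int(value: bytes) -> int:
    """Tunnel-Type / Tunnel-Medium-Type value: one tag byte plus a 3-byte integer."""
    if len(value) != 4:
        raise ValueError("tagged integer must be 4 bytes")
    return int.from_bytes(value[1:], "big")

def assigned_vlan(packet: bytes):
    """VLAN ID carried by the accept, or None if the three attributes are incomplete or wrong."""
    attrs = parse_attributes(packet)
    try:
        is_vlan = tagged_int(attrs[TUNNEL_TYPE][0]) == TYPE_VLAN
        is_802 = tagged_int(attrs[TUNNEL_MEDIUM_TYPE][0]) == MEDIUM_IEEE_802
        group = attrs[TUNNEL_PRIVATE_GROUP_ID][0]
    except (KeyError, ValueError):
        return None
    if group[:1] and group[0] <= 0x1F:  # optional leading tag byte
        group = group[1:]
    text = group.decode("ascii", "replace")
    if not (is_vlan and is_802 and text.isdigit() and 1 <= int(text) <= 4094):
        return None
    return int(text)

def build_accept(attrs) -> bytes:
    """Constructed sample packet (zeroed authenticator) so the check runs offline."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return bytes([ACCESS_ACCEPT, 1]) + (20 + len(body)).to_bytes(2, "big") + bytes(16) + body

VLAN70 = build_accept([(64, b"\x00\x00\x00\x0d"), (65, b"\x00\x00\x00\x06"), (81, b"70")])
NO_MEDIUM = build_accept([(64, b"\x00\x00\x00\x0d"), (81, b"70")])
```

`assigned_vlan` takes the UDP payload of an Access-Accept, for example one exported from a packet capture on the NPS server; it does not verify the Response Authenticator.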

2962025215@qq.c Publish time 2023-6-14 11:59:31

Wonderfully Sharing!!!!!👍👍👍

soporte@lanpros Publish time 2023-6-14 19:28:42

Thank you for sharing.
Can you show how to customize the Ruijie login form?

liuxiyang@ruiji Publish time 2023-7-12 10:37:15

Dario Vindas replied at 2023-6-14 19:28
Thank you for sharing.
Can you show how to customize the Ruijie login form?

Hi sir,
May I know your detailed demand?