Ruijie Community

Title: What Are Precautions for Configuring the Simplified Solution — N18000K? [Print this page]

Author: admin Time: 2017-5-3 17:54
Title: What Are Precautions for Configuring the Simplified Solution — N18000K?
What Are Precautions for Configuring the Simplified Solution — N18000K?

Author: admin Time: 2017-5-3 17:55

1. The CPP rate limit needs to be configured after HTTPS is enabled.

On the N18000K of the latest version, HTTPS performance is optimized, the CPU resource utilization of HTTPS and HTTP is separated in an optimized manner so that HTTPS and HTTP do not affect each other. You can enable HTTPS redirection as required. The CPP rate limit must be configured for HTTPS.

Ruijie(config)#http redirect port 443

Ruijie(config)#cpu-protect type web-auths bandwidth 2000

2. After DHCP snooping is enabled, check-giaddr needs to be configured to solve the problem that a device fails to obtain an IP address when both DHCP snooping and DHCP relay are configured on the device.

ip dhcp snooping

ip dhcp snooping check-giaddr

3. After RADIUS escape is configured, the default parameter values need to be adjusted, to prevent misjudgment and jitter caused by the high detection sensitivity.

radius-server host (radius ip) test username (user-name) idle-time 2 key (radius key)

radius-server dead-criteria time 120 tries 12

4. After RADIUS escape is configured, relevant configuration needs to be applied to ports. Check whether the configuration is complete.

dot1x critical

dot1x critical recovery action reinitialize

5. Certified migration is configured differently now: ARP detection needs to be enabled on the N18000K and ARP proxy needs to be disabled on the AC.

N18K（config）#web-auth station-move arp-detect

N18K（config）#dot1x station-move arp-detect

AC（config）#no proxy_arp enable

Welcome to Ruijie Community (https://community.ruijienetworks.com/)