802.1X na Mikrotiku: Porovnání verzí
Z Wiki UnArt Slavičín
Skočit na navigaciSkočit na vyhledávání
Bez shrnutí editace |
Bez shrnutí editace |
||
Řádek 5: | Řádek 5: | ||
/radius incoming | /radius incoming | ||
set accept=yes port=1700 | set accept=yes port=1700 | ||
Vytvoříme profil zabezpečení s jménem CZFROAM: | |||
/interface wireless security-profiles | /interface wireless security-profiles | ||
Řádek 11: | Řádek 13: | ||
static-algo-1=none static-algo-2=none static-algo-3=none static-key-0="" static-key-1="" static-key-2="" static-key-3="" static-sta-private-algo=none static-sta-private-key="" static-transmit-key=key-0 \ | static-algo-1=none static-algo-2=none static-algo-3=none static-key-0="" static-key-1="" static-key-2="" static-key-3="" static-sta-private-algo=none static-sta-private-key="" static-transmit-key=key-0 \ | ||
supplicant-identity=0 tls-certificate=none tls-mode=no-certificates unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key="" wpa2-pre-shared-key="" | supplicant-identity=0 tls-certificate=none tls-mode=no-certificates unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key="" wpa2-pre-shared-key="" | ||
Rozhraní s jménem CZFROAM nastavíme stejnojmenný profil zabezpečení: | |||
/interface wireless | /interface wireless | ||
set [find name="CZFROAM"] security-profile=CZFROAM | set [find name="CZFROAM"] security-profile=CZFROAM |
Aktuální verze z 19. 9. 2012, 07:39
Nastavení RADIUSu (pro přihlašování a wireless):
/radius add accounting-backup=no accounting-port=1813 address=10.143.126.8 authentication-port=1812 called-id="" disabled=no domain="" realm="" secret=secret service=login,wireless timeout=300ms /radius incoming set accept=yes port=1700
Vytvoříme profil zabezpečení s jménem CZFROAM:
/interface wireless security-profiles add authentication-types=wpa-eap,wpa2-eap eap-methods=passthrough group-ciphers=tkip,aes-ccm group-key-update=5m interim-update=0s management-protection=allowed management-protection-key="" mode=dynamic-keys name=\ CZFROAM radius-eap-accounting=no radius-mac-accounting=no radius-mac-authentication=no radius-mac-caching=disabled radius-mac-format=XX:XX:XX:XX:XX:XX radius-mac-mode=as-username-and-password static-algo-0=none \ static-algo-1=none static-algo-2=none static-algo-3=none static-key-0="" static-key-1="" static-key-2="" static-key-3="" static-sta-private-algo=none static-sta-private-key="" static-transmit-key=key-0 \ supplicant-identity=0 tls-certificate=none tls-mode=no-certificates unicast-ciphers=tkip,aes-ccm wpa-pre-shared-key="" wpa2-pre-shared-key=""
Rozhraní s jménem CZFROAM nastavíme stejnojmenný profil zabezpečení:
/interface wireless set [find name="CZFROAM"] security-profile=CZFROAM