交换机dot1x认证配置

设备分配IP 12.16.43.250 vlan 分配IP 12.16.43.251

华为交换机

配置vlan

interface vlanif xx
vlan xx ip address 16.12.43.251 255.255.255.0 (vlan ip 在认证界面添加交换机参数使用)

radius-server

radius-server template radius1(自己起)
radius-server shared-key cipher 123456(自己起)
radius-server authentication 16.12.43.250 1812 weight 80
radius-server accounting 16.12.43.250 1813 weight 80
radius-server nas-port-format old radius-server nas-port-id-format old

AAA

authentication-scheme authen1(自己起)
authentication-mode radius
authorization-scheme author1(自己起)
authorization-mode none
accounting-scheme acct1(自己起)
accounting-mode radius
accounting realtime 3

domain

domain 8021x(自己起)
authentication-scheme authen1(前面创建的)
accounting-scheme acct1(前面创建的)
authorization-scheme author1(前面创建的)
radius-server radius1(前面创建的)

开启全局dot1x

dot1x enable(全局)
dot1x authentication-method eap
dot1x quiet-period
dot1x timer quiet-period 3
dot1x timer reauthentication-period 1800

开启端口dot1x

interface GigabitEtherent x/x/A
dot1x enable
dot1x port-control auto
dot1x port-method mac
dot1x reauthenticate

最后输入domain 8021x(前面起)

---

使用HUAWEI S5720交换机配置dot1x时,在进入端口开启dot1x时，使用命令authentication dot1x开启端口dot1x认证