Enabling Wired 802.1X Admission on the Cisco C2960X Series in a Real Environment
(Dynamic assignment of network permissions based on 802.1x + AD + DHCP + NPS)
B-IT Systems Group, Liang Jinyu, 2019

1 The company's AD and DHCP servers already exist by default, so they are not configured here.

2 Switch configuration

2.1 Original switch configuration commands:

AL-C2960X-48TS-A1FTEST#sh running-config
Building configuration.
Current configuration : 3815 bytes
!
! Last configuration change at 21:43:17 utc Tue Jun 11 2019
! NVRAM config last updated at 21:41:24 utc Tue Jun 11 2019
!
version 15.2
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname AL-C2960X-48TS-A1FTEST
!
boot-start-marker
boot-end-marker
!
enable password 7 1531021F072514263827
!
username admin password 7 020401481F4D5D711D16
aaa new-model
!
aaa authentication login bpt group radius local
aaa authentication login nopassword none
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
aaa session-id common
clock timezone utc 8 0
switch 1 provision ws-c2960x-24ps-l
!
no ip domain-lookup
ip domain-name
!
dot1x system-auth-control
!
spanning-tree mode mst
spanning-tree portfast default
spanning-tree extend system-id
!
spanning-tree mst configuration
 name pacific
 revision 10
 instance 1 vlan 1-3
 instance 2 vlan 5-8, 49-50
 instance 3 vlan 9-10, 12, 51, 53
 instance 4 vlan 13-15, 17, 88, 200
!
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause gbic-invalid
errdisable recovery cause psecure-violation
errdisable recovery cause port-mode-failure
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause pppoe-ia-rate-limit
errdisable recovery cause mac-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause inline-power
errdisable recovery cause arp-inspection
errdisable recovery cause loopback
errdisable recovery cause small-frame
errdisable recovery cause psp
!
vlan internal allocation policy ascending
!
interface FastEthernet0
 no ip address
!
interface GigabitEthernet1/0/1
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
 ip address 192.168.168.199 255.255.254.0
!
ip default-gateway 192.168.168.3
ip http server
ip http secure-server
!
ip ssh authentication-retries 5
ip ssh version 2
!
radius-server retransmit 2
radius-server timeout 2
radius-server deadtime 1
!
radius server Primary-Radius
 address ipv4 192.168.2.30 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 3
 key 7 1407130805022328
!
radius server Alternate-Radius
 address ipv4 192.168.2.17 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 3
 key 7 06160E224548001A
!
line con 0
 logging synchronous
 login authentication nopassword
line vty 0 4
 login authentication bpt
 transport input ssh
line vty 5 15
 transport input none
!
ntp server 192.168.0.5
ntp server 192.168.2.7 prefer
end

2.2 RADIUS configuration commands (the original switch already has the RADIUS configuration commands, so they do not need to be entered again here)

aaa authentication login bpt group radius local
!
radius-server retransmit 2
radius-server timeout 2
radius-server deadtime 1
!
radius server Primary-Radius
 address ipv4 192.168.2.30 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 3
 key 7 071F204F470F1006
!
radius server Alternate-Radius
 address ipv4 192.168.2.17 auth-port 1645 acct-port 1646
 timeout 3
 retransmit 3
 key 7 03145A080F09284F
! Specifies the RADIUS server IP address, the port numbers, and the key used for the exchange

2.3 Newly added switch configuration commands

2.3.1 Add the following commands in global configuration mode

AL-C2960X-48TS-A1FTE(config)#aaa new-model  ! Enable AAA
AL-C2960X-48TS-A1FTE(config)#aaa authentication dot1x default group radius  ! dot1x uses RADIUS for authentication
AL-C2960X-48TS-A1FTE(confi
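An added example, not part of the original document: a small Python audit that reads a saved running-config and reports which of the global 802.1X commands shown above are absent and which physical ports lack the two per-port lines used on GigabitEthernet1/0/1. The function name audit_dot1x and the sample text are constructed for illustration.

```python
import re

# Constructed sample modeled on the running-config above, trimmed to three ports.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication dot1x default group radius
dot1x system-auth-control
!
interface GigabitEthernet1/0/1
 switchport mode access
 authentication port-control auto
 dot1x pae authenticator
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
 authentication port-control auto
!
interface Vlan1
 ip address 192.168.168.199 255.255.254.0
"""

GLOBAL_REQUIRED = (
    "aaa new-model",
    "aaa authentication dot1x default group radius",
    "aaa authorization network default group radius",  # for RADIUS-assigned VLANs
    "dot1x system-auth-control",
)
PORT_REQUIRED = ("authentication port-control auto", "dot1x pae authenticator")


def audit_dot1x(config):
    """Return missing global commands and, per physical port, missing 802.1X lines."""
    lines = [ln.rstrip() for ln in config.splitlines()]
    top_level = {ln for ln in lines if ln and not ln.startswith(" ")}
    missing_global = [c for c in GLOBAL_REQUIRED if c not in top_level]
    ports, current = {}, None
    for ln in lines:
        m = re.match(r"interface (\S*Ethernet\d+/\d+/\d+)$", ln)
        if m:
            current = m.group(1)
            ports[current] = set()
        elif ln.startswith(" ") and current:
            ports[current].add(ln.strip())
        else:
            current = None  # "!" or another top-level line ends the stanza
    gaps = {p: [c for c in PORT_REQUIRED if c not in cmds] for p, cmds in ports.items()}
    return {"missing_global": missing_global,
            "unprotected_ports": {p: g for p, g in gaps.items() if g}}
```

Uplink and trunk ports legitimately carry no 802.1X lines and will appear in unprotected_ports, so the list needs a manual pass before it is treated as a finding.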