Enabling Wired 802.1X Admission Control on Cisco C2918 Series Switches in a Production Environment (Dynamic Network Permission Assignment Based on 802.1x + AD + DHCP + NPS)

B-IT Systems Group, 梁金玉, 2019

1 The company's AD and DHCP servers already exist, so their configuration is not covered here.

2 Switch configuration

2.1 The company's original switch configuration:

AL-C2918-E4F02#sh running-config
Building configuration.
Current configuration : 6091 bytes
! No configuration change since last restart
!
version 12.2
no service pad
service timestamps debug datetime msec localtime
service timestamps log datetime msec localtime
service password-encryption
!
hostname AL-C2918-E4F02
!
boot-start-marker
boot-end-marker
!
enable password 7 00271A15075434041F35
!
username admin password 7 070D245F5A424B55464A
aaa new-model
!
aaa authentication login bpt group radius local
aaa authentication login nopassword none
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
aaa session-id common
clock timezone utc 8
system mtu routing 1500
ip subnet-zero
no ip domain-lookup
!
crypto pki trustpoint TP-self-signed-4265470208
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-4265470208
 revocation-check none
 rsakeypair TP-self-signed-4265470208
!
dot1x system-auth-control
!
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause gbic-invalid
errdisable recovery cause psecure-violation
errdisable recovery cause port-mode-failure
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause mac-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause loopback
errdisable recovery cause small-frame
errdisable recovery interval 30
!
spanning-tree mode mst
spanning-tree portfast default
spanning-tree extend system-id
!
spanning-tree mst configuration
 name pacific
 revision 10
 instance 1 vlan 1-3
 instance 2 vlan 5-8, 49-50
 instance 3 vlan 9-10, 12, 51, 53
 instance 4 vlan 13-15, 17, 88, 200
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 dot1x violation-mode protect
!
interface FastEthernet0/2
 switchport access vlan 17
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 8
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
 dot1x violation-mode protect
!
interface FastEthernet0/4
 switchport access vlan 17
 switchport mode access
!
interface FastEthernet0/5
 switchport access vlan 17
 switchport mode access
!
interface FastEthernet0/6
 switchport access vlan 17
 switchport mode access
!
interface FastEthernet0/7
 switchport access vlan 17
 switchport mode access
!
interface FastEthernet0/8
 switchport access vlan 17
 switchport mode access
!
interface FastEthernet0/9
 switchport access vlan 17
 switchport mode access
!
interface FastEthernet0/10
 switchport access vlan 17
 switchport mode access
!
interface FastEthernet0/11
 switchport access vlan 17
 switchport mode access
!
interface FastEthernet0/12
 switchport access vlan 17
 switchport mode access
!
interface FastEthernet0/13
 switchport access vlan 17
 switchport mode access
!
interface FastEthernet0/14
 switchport access vlan 17
 switchport mode access
!
interface FastEthernet0/15
 switchport access vlan 17
 switchport mode access
!
interface FastEthernet0/16
 switchport access vlan 17
 switchport mode access
!
interface FastEthernet0/17
 switchport access vlan 17
 switchport mode access
!
interface FastEthernet0/18
 switchport access vlan 17
 switchport mode access
!
interface FastEthernet0/19
 switchport access vlan 17
 switchport mode access
!
interface FastEthernet0/20
 switchport access vlan 17
 switchport mode access
!
interface FastEthernet0/21
 switchport access vlan 17
 switchport mode access
!
interface FastEthernet0/22
 switchport access vlan 17
 switchport mode access
!
interface FastEthernet0/23
 switchport access vlan 17
 switchport mode access
!
interface FastEthernet0/24
 switchport access vlan 17
 switchport mode access
!
interface GigabitEthernet0/1
 switchport mode trunk
!
interface GigabitEthernet0/2
 switchport mode trunk
 shutdown
!
interface Vlan1
 ip address 192.168.168.148 255.255.254.0
 no ip route-cache
!
ip default-gateway 192.168.168.3
ip http server
ip http secure-server
radius-server host 192.168.2.30 auth-port 1645 acct-port 1646 key 7 051B070C284A470A
radius-server retransmit 2
radius-server timeout 2
radius-server deadtime 1
!
control-plane
!
line con 0
 login authentication nopassword
line vty 0 4
 pa
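As an added example (not part of the original document), the following Python script parses a running-config of the shape shown above and reports which enabled access ports are 802.1X authenticators and which are still open. The sample config is a constructed, shortened excerpt, the function names are hypothetical, and treating `dot1x pae authenticator` plus `dot1x port-control auto` as "enforced" is an assumption of this example.

```python
import re

# Constructed sample: a shortened excerpt in the same shape as the
# running-config above (not the full configuration from the document).
SAMPLE_CONFIG = """\
dot1x system-auth-control
!
interface FastEthernet0/1
 switchport mode access
 dot1x pae authenticator
 dot1x port-control auto
!
interface FastEthernet0/2
 switchport access vlan 17
 switchport mode access
!
interface GigabitEthernet0/1
 switchport mode trunk
!
"""

def parse_interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the block
    return interfaces

def dot1x_coverage(config):
    """Return (global_enabled, enforced_ports, unprotected_access_ports)."""
    global_on = any(l.strip() == "dot1x system-auth-control" for l in config.splitlines())
    enforced, unprotected = [], []
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds or "shutdown" in cmds:
            continue  # trunks and disabled ports are out of scope here
        ok = "dot1x pae authenticator" in cmds and "dot1x port-control auto" in cmds
        (enforced if ok else unprotected).append(name)
    return global_on, enforced, unprotected

if __name__ == "__main__":
    print(dot1x_coverage(SAMPLE_CONFIG))
```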