1.開啓全局的802.1x
config dot1x enable (dot1x缺省是關閉的)
2.設置端口爲強制認證
config port 24 dot1x authcontrolledportcontrol forceauth (dot1x端口缺省是未認證的)
3.設置端口爲mac-based
config port 2 dot1x port-control-mode mac-based (端口缺省是mac-based)
4.配置認證服務器
radius authentication add-server id 0 server-ip 192.168.56.242 client-ip 192.168.50.12 udp-port 1812
5.配置密碼
radius authentication config-server id 0 shared-secret msackey
6.配置計費
radius accounting add-server id 0 server-ip 192.168.56.242 client-ip 192.168.50.12 udp-port 1813
7.配置密碼
radius accounting config-server id 0 shared-secret msackey
8.開啓認證服務器
radius authentication enable
9.開啓計費服務器
radius accounting enable
10.設置認證的類型
config isp-domain default authentication type eap-md5
11.將認證和域關聯
config isp-domain default authentication config-server id 0 type primary
12.將計費和域管理
config isp-domain default accounting config-server id 0 type primary
港灣支持下發VLAN,不過要求下發vlan的名稱,未測試是否支持下發acl