拓撲:
10.1.1.1爲PC,PC要使用用戶名和密碼才能接入。
配置:
SW1
aaa new-model
aaa authentication dot1x default group radius //啓用dot1x認證
dot1x system-auth-control //全局開啓dot1x
interface FastEthernet0/0
switchport trunk allowed vlan 1,2,1002-1005
interface FastEthernet0/1
switchport access vlan 2
dot1x port-control auto //auto認證
no cdp enable
spanning-tree portfast
interface Vlan1
ip address 10.1.1.50 255.255.255.0
ip route 192.168.1.0 255.255.255.0 10.1.1.254
radius-server host 192.168.1.1 auth-port 1812 acct-port 1646 key cisco //定義AAA服務器
R1
interface FastEthernet1/0
ip address 192.168.1.254 255.255.255.0
interface FastEthernet1/1
ip address 10.1.1.254 255.255.255.0
定義SW1爲AAA Client
創建一個用戶cisco,密碼cisco
測試一下連通性
啓用dot1x的端口自動shutdown
PC提示輸入用戶名和密碼