
                      About the 802.1X testing report

1. Testing topology:

[Figure: testing topology diagram]

Description:

The backbone ISP provides the MPLS layer 3 VPN to the end customer.

On the branch side, 802.1X is enabled on port 2 of the MP3000-8T layer 2 switch. When the client PC wants to access the HQ side, it must first pass 802.1X authentication; only then is port 2 of the 3000B switch opened.

The RADIUS server is on the HQ side.

This test needs to confirm that the client PC can successfully pass 802.1X authentication.

2. Testing configuration for all the devices:

MP3000-8T layer 2 switch:

    hostname MP3000B-8T
    vlan 1
    !
    radius-server key maipu
    radius-server authentication host 83.2.1.2
    radius-server accounting host 83.2.1.2
    aaa-accounting enable
    aaa enable
    !
    dot1x enable
    !
    Interface Ethernet1/1
    !
    Interface Ethernet1/2
     dot1x enable
     dot1x port-method macbased
    !
    !
    interface Vlan1
     ip address 111.11.1.3 255.255.255.0
    !
    ip default-gateway 111.11.1.1
    !
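
One way to check a configuration like the switch's for 802.1X coverage, as an added example that is not part of the original report: the script splits the config into global and per-interface commands and lists the Ethernet ports where dot1x is not enabled. The function names are hypothetical, and the command semantics are inferred from the config shown here, not from vendor documentation.

```python
# Added example; command semantics are inferred from this page's config only.
SAMPLE = """\
radius-server key maipu
radius-server authentication host 83.2.1.2
aaa enable
!
dot1x enable
!
Interface Ethernet1/1
!
Interface Ethernet1/2
dot1x enable
dot1x port-method macbased
!
interface Vlan1
ip address 111.11.1.3 255.255.255.0
!
"""  # abridged copy of the MP3000B-8T configuration from the report

def parse_config(text):
    """Return (global commands, {interface name: [commands]})."""
    global_cmds, interfaces, current = [], {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        if line in ("!", "exit"):            # stanza terminators seen on the page
            current = None
        elif line.lower().startswith("interface "):
            current = line.split(None, 1)[1]
            interfaces[current] = []
        elif current is None:
            global_cmds.append(line)
        else:
            interfaces[current].append(line)
    return global_cmds, interfaces

def audit_dot1x(text):
    """List gaps in 802.1X enforcement; an empty list means none were found."""
    global_cmds, interfaces = parse_config(text)
    issues = []
    for required in ("dot1x enable", "aaa enable"):
        if required not in global_cmds:
            issues.append(f"global '{required}' missing")
    for prefix in ("radius-server authentication host ", "radius-server key "):
        if not any(c.startswith(prefix) for c in global_cmds):
            issues.append(f"global '{prefix.strip()}' missing")
    for name, cmds in interfaces.items():
        # Physical Ethernet ports only; uplinks are listed too and need review.
        if name.lower().startswith("ethernet") and "dot1x enable" not in cmds:
            issues.append(f"{name}: dot1x not enabled")
    return issues
```

On the sample it reports only Ethernet1/1, the port that carries no dot1x commands in the switch configuration.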

MP1800-CPE-D:

    hostname MP1800-D
    interface fastethernet0
     ip address 172.1.1.2 255.255.255.0
     exit
    interface fastethernet1
     ip address 111.11.1.1 255.255.255.0
     exit
    ip route 0.0.0.0 0.0.0.0 172.1.1.1

MP2800-PE-1:

    hostname MP2800-PE-1
    mpls ip
    ip vrf maipu
     rd 1:1
     route-target export 1:1
     route-target import 1:1
     exit
    interface loopback0
     ip address 1.1.1.1 255.255.255.255
     exit
    interface fastethernet0
     ip vrf forwarding maipu
     ip address 172.1.1.1 255.255.255.0
     exit
    interface fastethernet1
     ip address 192.168.1.1 255.255.255.0
     mpls ip
     mpls ldp
     exit
    router ospf 1
     router-id 1.1.1.1
     network 0.0.0.0 255.255.255.255 area 0
     exit
    router bgp 65000
     no auto-summary
     no synchronization
     bgp router-id 1.1.1.1
     neighbor 2.2.2.2 remote-as 65000
     neighbor 2.2.2.2 update-source loopback0
     neighbor 2.2.2.2 next-hop-self
     address-family vpnv4
      neighbor 2.2.2.2 activate
      neighbor 2.2.2.2 send-community extended
      exit-address-family
     address-family ipv4 vrf maipu
      redistribute connected
      redistribute static
      exit-address-family
     exit
    mpls ldp
     router-id 1.1.1.1
     transport-address 1.1.1.1
     targeted-peer 2.2.2.2
     exit
    ip route vrf maipu 111.11.1.0 255.255.255.0 172.1.1.2

MP2800-PE-2:

    hostname MP2800-PE-2
    mpls ip
    ip vrf maipu
     rd 1:1
     route-target export 1:1
     route-target import 1:1
     exit
    interface loopback0
     ip address 2.2.2.2 255.255.255.255
     exit
    interface fastethernet0
     ip vrf forwarding maipu
     ip address 172.1.2.1 255.255.255.0
     exit
    interface fastethernet1
     ip address 192.168.1.2 255.255.255.0
     mpls ip
     mpls ldp
     exit
    router ospf 1
     router-id 2.2.2.2
     network 0.0.0.0 255.255.255.255 area 0
     exit
    router bgp 65000
     no auto-summary
     no synchronization
     bgp router-id 2.2.2.2
     neighbor 1.1.1.1 remote-as 65000
     neighbor 1.1.1.1 update-source loopback0
     neighbor 1.1.1.1 next-hop-self
     address-family vpnv4
      neighbor 1.1.1.1 activate
      neighbor 1.1.1.1 send-community extended
      exit-address-family
     address-family ipv4 vrf maipu
      redistribute connected
      redistribute static
      exit-address-family
     exit
    mpls ldp
     router-id 2.2.2.2
     transport-address 2.2.2.2
     targeted-peer 1.1.1.1
     exit
    ip route vrf maipu 83.2.1.0 255.255.255.0 172.1.2.2

MP1800-U:

    hostname MP1800-U
    interface fastethernet0
     ip address 172.1.2.2 255.255.255.0
     exit
    interface fastethernet1
     ip address 83.2.1.1 255.255.255.0
     exit
    ip route 0.0.0.0 0.0.0.0 172.1.2.1

3. Testing snapshots:

Before authentication, the client PC (111.11.1.2) cannot ping the MP1800-U (MP2824) HQ-side IP address 83.2.1.2.

[Screenshot]

Before authentication, on the MP3000B-8T switch, we can see the status of the client PC:

[Screenshot]

After the client sends the username and password and passes authentication:

[Screenshot]

On the MP3000B-8T switch, we can see that the client PC has successfully passed authentication:

[Screenshot]

Finally, on the server, we can see that the username and password were passed successfully:

[Screenshot]