Port-based access control with ACS
 
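Requirements: PCs in VLAN 10 obtain their addresses automatically, VLAN 10 and VLAN 20 can communicate with each other, and port control is implemented on the switch.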
 

Basic configuration of Sw1
[Quidway]inter vlan 1
[Quidway-Vlan-interface1]ip add 192.168.101.1.100
[Quidway-Vlan-interface1]vlan 10
[Quidway-vlan10]port e1/0/10
[Quidway-vlan10]port e1/0/12
[Quidway-vlan10]vlan 20
[Quidway-vlan20]port e1/0/20
[Quidway-vlan20]port e1/0/22
 
[Quidway]dot1x
 802.1X is enabled globally.
[Quidway]inter eth1/0/10
[Quidway-Ethernet1/0/10]dot1x
 802.1X is enabled on port Ethernet1/0/10.
 
[Quidway]radius scheme aaa
[Quidway-radius-aaa]primary authentication 192.168.101.66
[Quidway-radius-aaa]key authentication 123456
[Quidway-radius-aaa]server-type standard
[Quidway-radius-aaa]user-name-format without-domain
[Quidway-radius-aaa]accounting optional
 
[Quidway]domain com
[Quidway-isp-com]radius-scheme aaa
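
To check what the Sw1 session above actually enforces, the following added example (not part of the original write-up) parses the command lines and reports access ports without 802.1X plus the RADIUS settings worth reviewing. The function name audit and the 16-character key threshold are assumptions made for this example.

```python
import re

# Command lines copied from the Sw1 session above (device output lines omitted).
SW1_SESSION = """\
[Quidway-Vlan-interface1]vlan 10
[Quidway-vlan10]port e1/0/10
[Quidway-vlan10]port e1/0/12
[Quidway-vlan10]vlan 20
[Quidway-vlan20]port e1/0/20
[Quidway-vlan20]port e1/0/22
[Quidway]dot1x
[Quidway]inter eth1/0/10
[Quidway-Ethernet1/0/10]dot1x
[Quidway]radius scheme aaa
[Quidway-radius-aaa]primary authentication 192.168.101.66
[Quidway-radius-aaa]key authentication 123456
[Quidway-radius-aaa]accounting optional
"""

PROMPT = re.compile(r"^\[Quidway(?:-(?P<view>[^\]]+))?\](?P<cmd>.*)$")
MIN_KEY_LEN = 16  # assumed local policy threshold, not a device limit


def audit(session):
    """Return VLAN membership, per-port 802.1X state and findings."""
    vlans, dot1x_ports, findings = {}, set(), []
    dot1x_global = False
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue  # device output, not a command
        view, cmd = m.group("view") or "", m.group("cmd").strip()
        port = re.search(r"\d+/\d+/\d+$", cmd)
        if view.startswith("vlan") and cmd.startswith("port ") and port:
            vlans.setdefault(int(view[4:]), set()).add(port.group())
        elif cmd == "dot1x" and not view:
            dot1x_global = True  # system view: global switch
        elif cmd == "dot1x" and view.startswith("Ethernet"):
            dot1x_ports.add(view[len("Ethernet"):])
        elif cmd.startswith("key authentication "):
            if len(cmd.split()[-1]) < MIN_KEY_LEN:
                findings.append("RADIUS shared key shorter than policy minimum")
        elif cmd == "accounting optional":
            findings.append("RADIUS accounting is optional")
    # Without the global switch, per-port dot1x has no effect: flag every port.
    for vid, ports in sorted(vlans.items()):
        for p in sorted(ports - dot1x_ports if dot1x_global else ports):
            findings.append(f"VLAN {vid} port {p} has no 802.1X")
    return vlans, dot1x_ports, findings
```

Run against the session as shown, it reports that e1/0/12 in VLAN 10 and both VLAN 20 ports are not under 802.1X control; whether that is intended depends on what is plugged into them.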
Basic configuration of the firewall
 
[H3C]inter eth0/0.10
[H3C-Ethernet0/0.10]vlan-type dot1q vid 10
[H3C-Ethernet0/0.10]ip add 192.168.10.254 255.255.255.0
 
[H3C-Ethernet0/0.10]inter eth0/0.20
[H3C-Ethernet0/0.20]vlan-type dot1q vid 20
[H3C-Ethernet0/0.20]ip add 192.168.20.254 255.255.255.0
[H3C-Ethernet0/0.20]q
[H3C]inter eth0/4
[H3C-Ethernet0/4]ip add 192.168.101.88 255.255.255.0