拓扑:

p_w_picpath_thumb[2] 

10.1.1.1为PC,PC要使用用户名和密码才能接入。

配置:

SW1

aaa new-model                                                                                 
aaa authentication dot1x default group radius           //启用dot1x认证
 

dot1x system-auth-control                                             //全局开启dot1x
 

interface FastEthernet0/0
switchport trunk allowed vlan 1,2,1002-1005

interface FastEthernet0/1
switchport access vlan 2
dot1x port-control auto                                              //auto认证
no cdp enable
spanning-tree portfast
 

interface Vlan1
ip address 10.1.1.50 255.255.255.0
 

ip route 192.168.1.0 255.255.255.0 10.1.1.254
 

radius-server host 192.168.1.1 auth-port 1812 acct-port 1646 key cisco         //定义AAA服务器

 

R1

interface FastEthernet1/0
ip address 192.168.1.254 255.255.255.0

interface FastEthernet1/1
ip address 10.1.1.254 255.255.255.0

 

 

定义SW1为AAA Client

p_w_picpath_thumb[5]

创建一个用户cisco,密码cisco

p_w_picpath_thumb[8]

 

测试一下连通性

p_w_picpath_thumb[10]

启用dot1x的端口自动shutdown

p_w_picpath_thumb[13]

PC提示输入用户名和密码

p_w_picpath_thumb[15]

p_w_picpath_thumb[17]

p_w_picpath_thumb[19]