1.开启全局的802.1x
config dot1x enable (dot1x缺省是关闭的)
2.设置端口为强制认证
config port 24 dot1x authcontrolledportcontrol forceauth (dot1x端口缺省是未认证的)
3.设置端口为mac-based
config port 2 dot1x port-control-mode mac-based (端口缺省是mac-based)
4.配置认证服务器
radius authentication add-server id 0 server-ip 192.168.56.242 client-ip 192.168.50.12 udp-port 1812
5.配置密码
radius authentication config-server id 0 shared-secret msackey
6.配置计费
radius accounting add-server id 0 server-ip 192.168.56.242 client-ip 192.168.50.12 udp-port 1813
7.配置密码
radius accounting config-server id 0 shared-secret msackey
8.开启认证服务器
radius authentication enable
9.开启计费服务器
radius accounting enable
10.设置认证的类型
config isp-domain default authentication type eap-md5
11.将认证和域关联
config isp-domain default authentication config-server id 0 type primary
12.将计费和域管理
config isp-domain default accounting config-server id 0 type primary
港湾支持下发VLAN,不过要求下发vlan的名称,未测试是否支持下发acl
转载于:https://blog.51cto.com/hoytluo/568642