802.1x

By Scott Barnes, 2014-06-27 23:16

1. Client settings:

2. Server settings:

RADIUS client:

Policy:

3. Switch settings:

sh run

Building configuration...

Current configuration : 1964 bytes

    !

    version 12.1

    no service pad

    service timestamps debug uptime

    service timestamps log uptime

    service password-encryption

    !

    hostname Switch

    !

    aaa new-model

    aaa authentication dot1x default group radius

    enable password 7

    !

    ip subnet-zero

    !

    vtp domain

    vtp mode transparent

    !

    spanning-tree mode pvst

    spanning-tree extend system-id

    !

    !

    vlan 20,100

    !

    !

    interface FastEthernet0/1

     switchport trunk encapsulation dot1q

     switchport mode trunk

     no ip address

    !

    interface FastEthernet0/2

     no ip address

    !

    interface FastEthernet0/3

     no ip address

    !

    interface FastEthernet0/4

     no ip address

    !

    interface FastEthernet0/5

     no ip address

    !

    interface FastEthernet0/6

    !

    interface FastEthernet0/7

     no ip address

    !

    interface FastEthernet0/8

     no ip address

    !

    interface FastEthernet0/9

     no ip address

    !

    interface FastEthernet0/10

     switchport mode access

     no ip address

     dot1x port-control auto

    !

    interface FastEthernet0/11

     no ip address

    !

    interface FastEthernet0/12

     no ip address

    !

    interface FastEthernet0/13

     no ip address

    !

    interface FastEthernet0/14

     no ip address

    !

    interface FastEthernet0/15

     no ip address

    !

    interface FastEthernet0/16

     no ip address

    !

    interface FastEthernet0/17

     no ip address

    !

    interface FastEthernet0/18

     no ip address

    !

    interface FastEthernet0/19

     no ip address

    !

    interface FastEthernet0/20

     no ip address

    !

    interface FastEthernet0/21

     no ip address

    !

    interface FastEthernet0/22

     no ip address

    !

    interface FastEthernet0/23

     no ip address

    !

    interface FastEthernet0/24

     no ip address

    !

    interface GigabitEthernet0/1

     no ip address

    !

    interface GigabitEthernet0/2

     no ip address

    !

    interface Vlan1

     no ip address

     shutdown

    !

    interface Vlan100

     ip address 10.128.0.8 255.255.255.0

    !

    ip default-gateway 10.128.0.254

    ip classless

    ip http server

    !

    !

    radius-server host 10.128.2.40 auth-port 1812 acct-port 1813 key test

    radius-server retransmit 3

    !

    line con 0

    line vty 0 4

     password 7

    line vty 5 15

    !

    end

Switch#
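An added example, not part of the original document: a small Python audit of a running configuration like the one above. It reports which physical access ports carry `dot1x port-control auto` (ports without it do not require authentication) and whether the global AAA and RADIUS commands used on this page are present. The sample configuration is a constructed excerpt, and the function names are assumptions.

```python
import re

# Constructed excerpt of the running configuration above (most ports omitted),
# written with standard IOS indentation.
SAMPLE_CONFIG = """\
aaa new-model
aaa authentication dot1x default group radius
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/2
 no ip address
!
interface FastEthernet0/10
 switchport mode access
 dot1x port-control auto
!
interface Vlan100
 ip address 10.128.0.8 255.255.255.0
!
radius-server host 10.128.2.40 auth-port 1812 acct-port 1813 key test
"""

# Global commands this page's configuration relies on for 802.1X.
GLOBAL_PREREQS = ("aaa new-model", "aaa authentication dot1x", "radius-server host")

def parse_interfaces(config):
    """Map each interface name to the list of its sub-commands."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the block
    return interfaces

def audit_dot1x(config):
    """Report missing global prerequisites and physical ports without 802.1X."""
    top = [l for l in config.splitlines() if l and not l.startswith(" ")]
    missing = [p for p in GLOBAL_PREREQS if not any(g.startswith(p) for g in top)]
    enforced, unauthenticated = [], []
    for name, cmds in parse_interfaces(config).items():
        if not re.match(r"(Fast|Gigabit)Ethernet", name) or "switchport mode trunk" in cmds:
            continue  # skip SVIs and the trunk uplink
        (enforced if "dot1x port-control auto" in cmds else unauthenticated).append(name)
    return {"missing_global": missing, "enforced": enforced,
            "unauthenticated": unauthenticated}
```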

Debug dot1x all:

    : state ABORTING, event ENTRY, arg 0xDA4314
    18:01:03: dot1x-besm(Fa0/10): state RESPONSE, event INPUT, arg 0xDA4314
    18:01:03: dot1x-reauthsm(Fa0/10): state INITIALIZE, event INPUT, arg 0xDA4314
    18:01:03: dot1x-core(Fa0/10): control event
    18:01:03: dot1x-authsm(Fa0/10): state ABORTING, event CONTROL, arg 0x0
    18:01:03: dot1x-besm(Fa0/10): state RESPONSE, event CONTROL, arg 0x0
    18:01:03: dot1x-besm(Fa0/10): state INITIALIZE, event ENTRY, arg 0x0
    18:01:03: dot1x-besm(Fa0/10): state IDLE, event ENTRY, arg 0x0
    18:01:03: dot1x-reauthsm(Fa0/10): state INITIALIZE, event CONTROL, arg 0x0
    18:01:03: dot1x-reauthsm(Fa0/10): reauth timer stopped
    18:01:03: dot1x-core(Fa0/10): control event
    18:01:03: dot1x-authsm(Fa0/10): state ABORTING, event CONTROL, arg 0x0
    18:01:03: dot1x-authsm(Fa0/10): state CONNECTING, event ENTRY, arg 0x0
    18:01:03: dot1x-core(Fa0/10): send EAPOL type=0, EAP code=1, id=6
    18:01:03: dot1x-authsm(Fa0/10): connection retry 2 of 2
    18:01:03: dot1x-besm(Fa0/10): state IDLE, event CONTROL, arg 0x0
    18:01:03: dot1x-reauthsm(Fa0/10): state INITIALIZE, event CONTROL, arg 0x0
    18:01:03: dot1x-reauthsm(Fa0/10): reauth timer stopped
    18:01:03: dot1x-core(Fa0/10): EAPOL pkt in
    18:01:03: dot1x-core(Fa0/10): 00:08:74:E4:D3:55 sent EAPOL type=0, EAP code=2, id=6
    18:01:03: dot1x-authsm(Fa0/10): state CONNECTING, event INPUT, arg 0xDA6568
    18:01:03: dot1x-authsm(Fa0/10): state AUTHENTICATING, event ENTRY, arg 0xDA6568
    18:01:03: dot1x-besm(Fa0/10): state IDLE, event INPUT, arg 0xDA6568
    18:01:03: dot1x-reauthsm(Fa0/10): state INITIALIZE, event INPUT, arg 0xDA6568
    18:01:03: dot1x-core(Fa0/10): control event
    18:01:03: dot1x-authsm(Fa0/10): state AUTHENTICATING, event CONTROL, arg 0x0
    18:01:03: dot1x-besm(Fa0/10): state IDLE, event CONTROL, arg 0x0
    18:01:03: dot1x-besm(Fa0/10): state RESPONSE, event ENTRY, arg 0x0
    18:01:03: dot1x-reauthsm(Fa0/10): state INITIALIZE, event CONTROL, arg 0x0
    18:01:03: dot1x-reauthsm(Fa0/10): reauth timer stopped
    18:01:03: dot1x-core(Fa0/10): control event
    18:01:03: dot1x-authsm(Fa0/10): state AUTHENTICATING, event CONTROL, arg 0x0
    18:01:03: dot1x-besm(Fa0/10): state RESPONSE, event CONTROL, arg 0x0
    18:01:03: dot1x-reauthsm(Fa0/10): state INITIALIZE, event CONTROL, arg 0x0
    18:01:03: dot1x-reauthsm(Fa0/10): reauth timer stopped
    18:01:03: dot1x-backend(Fa0/10): [63] starting aaa sequence
    18:01:03: dot1x-backend(Fa0/10): [63] relaying EAP data from supplicant
    18:01:03: dot1x-backend(Fa0/10): [63] starting login
    18:01:03: dot1x-backend(Fa0/10): [63] login user GI\Administrator, client ID 00-08-74-E4-D3-55
    18:01:13: dot1x-backend(Fa0/10): [82] login failure returned
    18:01:13: dot1x-backend(Fa0/10): [82] cleaning up AAA context (abort)
    18:01:33: dot1x-core(Fa0/10): timer A_WHILE expired
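An added example, not part of the original document: a Python parser for `debug dot1x all` output in the format shown above. It extracts each backend login attempt with its port, user, client ID and outcome, and also copes with several events run together on one line. The sample log is constructed from lines on this page, the timestamps are treated as uptime (hh:mm:ss), only the failure message that appears above is recognised, and the function names are assumptions.

```python
import re

# Constructed sample built from lines of the debug output above; the last
# line deliberately carries three events, as happens in pasted captures.
SAMPLE_LOG = r"""18:01:03: dot1x-core(Fa0/10): send EAPOL type=0, EAP code=1, id=6
18:01:03: dot1x-core(Fa0/10): 00:08:74:E4:D3:55 sent EAPOL type=0, EAP code=2, id=6
18:01:03: dot1x-backend(Fa0/10): [63] starting login
18:01:03: dot1x-backend(Fa0/10): [63] login user GI\Administrator, client ID 00-08-74-E4-D3-55
18:01:13: dot1x-backend(Fa0/10): [82] login failure returned 18:01:13: dot1x-backend(Fa0/10): [82] cleaning up AAA context (abort) 18:01:33: dot1x-core(Fa0/10): timer A_WHILE expired
"""

STAMP = r"\d\d:\d\d:\d\d: dot1x-"
# One event: timestamp, module, port, then the message up to the next stamp or end of line.
EVENT = re.compile(
    r"(\d\d):(\d\d):(\d\d): dot1x-(\w+)\(([^)]+)\): (.*?)(?=\s+" + STAMP + r"|$)",
    re.M)
LOGIN = re.compile(r"login user (\S+), client ID (\S+)")

def events(log):
    """Yield (uptime_seconds, module, port, message) for every debug event."""
    for h, m, s, module, port, msg in EVENT.findall(log):
        yield int(h) * 3600 + int(m) * 60 + int(s), module, port, msg

def login_attempts(log):
    """One record per backend login: port, user, client, outcome, seconds waited."""
    attempts, pending = [], {}
    for t, module, port, msg in events(log):
        if module != "backend":
            continue
        login = LOGIN.search(msg)
        if login:
            pending[port] = {"port": port, "user": login.group(1),
                             "client": login.group(2), "start": t,
                             "outcome": "pending", "seconds": None}
            attempts.append(pending[port])
        elif "login failure returned" in msg and port in pending:
            rec = pending.pop(port)
            rec["outcome"], rec["seconds"] = "failure", t - rec["start"]
    return attempts

if __name__ == "__main__":
    for rec in login_attempts(SAMPLE_LOG):
        print(rec)
```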
