版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
1、Cisco 2950G 802.1X+AD+CA+IAS进行802.1x身份验证要求:1. 交换机支持802.1X协议。2. 有一台RADIUS服务器。3. 一台客户端。网络拓扑:验证方式:PEAP验证:使用证书AD用户集成认证;环境:Operation System: Windows 2003 enterprise editionRadius Server: windows IA
2、S(Internet 验证服务,windows组件中安装) CA Server: Windows CA证书服务(windows组件中安装)Radius Client: Windows自带。(网络连接->属性->验证),如果没有“验证”选项卡,则是相关服务没有启用。(开始->运行->services.msc->启动” Wireless Zero Configuration”服务)配置:1. 安装域,域名暂时定为:。过程略,查看相关文档2.
3、; 安装IIS(Internet信息服务),IAS,CA:控制面板>添加/删除程序->安装windows组件,如图: 意先安装IIS->CA->IAS,顺序不能乱了.3. 配置CA:配置过程略,参考相关资料.4. CISCO 2950G-48-EI交换机配置:Building configuration. Current configuration : 4944 bytes!version 12.1no s
4、ervice padservice timestamps debug uptimeservice timestamps log uptimeno service password-encryption!hostname Layer_4_2!aaa new-modelaaa authentication dot1x default group radiusaaa authorization network default group radius!ip subnet-zero!spanning-tree mode mstno spanning-tree optimize bpdu transmi
5、ssionspanning-tree extend system-iddot1x system-auth-control!interface FastEthernet0/1 switchport access vlan 6!interface FastEthernet0/1.1!interface FastEthernet0/2 switchport access vlan 6!interface FastEthernet0/3 switchport access vlan 6!interface FastEthernet0/4 switchport access vlan 6 spannin
6、g-tree portfast!interface FastEthernet0/5 switchport access vlan 6 spanning-tree portfast! interface FastEthernet0/6 switchport access vlan 6 spanning-tree portfast!interface FastEthernet0/7 switchport access vlan 6 spanning-tree portfast!interface FastEthernet0/8 switchport access vlan 6 spanning-t
7、ree portfast!interface FastEthernet0/9 switchport access vlan 6 spanning-tree portfast!interface FastEthernet0/10 switchport access vlan 6 spanning-tree portfast!interface FastEthernet0/11 switchport access vlan 6 spanning-tree portfast!interface FastEthernet0/12 switchport access vlan 6 spanning-tr
8、ee portfast!interface FastEthernet0/13 switchport access vlan 6 spanning-tree portfast!interface FastEthernet0/14 switchport access vlan 6 spanning-tree portfast!interface FastEthernet0/15 switchport access vlan 6 spanning-tree portfast!interface FastEthernet0/16 switchport access vlan 6 spanning-tr
9、ee portfast!interface FastEthernet0/17 switchport access vlan 6 spanning-tree portfast!interface FastEthernet0/18 switchport access vlan 6 spanning-tree portfast!interface FastEthernet0/19 switchport access vlan 6 spanning-tree portfast!interface FastEthernet0/20 switchport access vlan 6!interface F
10、astEthernet0/21 switchport access vlan 6 spanning-tree portfast!interface FastEthernet0/22 switchport access vlan 6 spanning-tree portfast!interface FastEthernet0/23 switchport access vlan 6 spanning-tree portfast!interface FastEthernet0/24 switchport access vlan 6 spanning-tree portfast!interface F
11、astEthernet0/25 switchport access vlan 6 spanning-tree portfast!interface FastEthernet0/26 switchport access vlan 6 spanning-tree portfast!interface FastEthernet0/27 switchport access vlan 6 spanning-tree portfast!interface FastEthernet0/28 switchport access vlan 6 spanning-tree portfast!interface F
12、astEthernet0/29 switchport access vlan 6 spanning-tree portfast!interface FastEthernet0/30 switchport access vlan 6 spanning-tree portfast!interface FastEthernet0/31 switchport access vlan 6 spanning-tree portfast!interface FastEthernet0/32 switchport access vlan 6 spanning-tree portfast!interface F
13、astEthernet0/33 switchport access vlan 7 spanning-tree portfast!interface FastEthernet0/34 switchport access vlan 7 spanning-tree portfast! interface FastEthernet0/35 switchport access vlan 7 spanning-tree portfast!interface FastEthernet0/36 switchport mode access dot1x port-control auto dot1x guest
14、-vlan 21 spanning-tree portfast!interface FastEthernet0/37 switchport access vlan 7 spanning-tree portfast!interface FastEthernet0/38 switchport access vlan 7 spanning-tree portfast!interface FastEthernet0/39 switchport access vlan 7 spanning-tree portfast!interface FastEthernet0/40 switchport acces
15、s vlan 7 spanning-tree portfast!interface FastEthernet0/41 switchport access vlan 7 spanning-tree portfast!interface FastEthernet0/42 switchport access vlan 7 spanning-tree portfast!interface FastEthernet0/43 switchport access vlan 7 spanning-tree portfast!interface FastEthernet0/44 switchport acces
16、s vlan 7 spanning-tree portfast!interface FastEthernet0/45 switchport access vlan 7 spanning-tree portfast! interface FastEthernet0/46 switchport access vlan 7 spanning-tree portfast!interface FastEthernet0/47 switchport access vlan 7 spanning-tree portfast!interface FastEthernet0/48 switchport acce
17、ss vlan 7 spanning-tree portfast!interface GigabitEthernet0/1 switchport mode trunk!interface GigabitEthernet0/2!interface Vlan1 no ip route-cache!interface Vlan6 no ip route-cache shutdown!interface Vlan7 no ip route-cache shutdown!ip http serverradius-server host auth-port 1812 acct-po
18、rt 1813 key testradius-server retransmit 3radius-server vsa send authentication!line con 0line vty 0 4!monitor session 1 source interface Fa0/1monitor session 1 destination interface Fa0/43end Layer_4_2#5. 配置IAS:a) 打开IAS:b) 新建立”RADIUS客户端”: c) 新建访问策略 d) 修改策略属性6. 客户端设置:a) &
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
最新文档
- 安全生产管理培训课件
- 性传播感染预防课件
- 小学数学教学课件:认识日历
- 2025年专项成套装置合作协议书
- 医疗技术准入管理体系构建
- 建筑工程施工现场施工安全技术管理课件
- 强化团队成员协作与忠诚度:培训课件
- 黔南州2024-2025学年度第一学期期末质量监测 数学
- 辽宁省丹东市2025届高三上学期1月期末教学质量调研测试物理
- 2024年甘肃省定西市三上数学期末学业水平测试模拟试题含解析
- 施工监理投标报价单
- 诉讼材料接收表
- 机动车驾驶员体检表
- 阳江海上风电项目建议书
- 大学本科毕业设计毕业论文-网上药店管理系统的设计与实现
- DBJ∕T 13-264-2017 福建省石砌体结构加固技术规程
- 洞口县黄桥镇污水处理厂入河排污口设置论证报告
- T∕CGMA 081001-2018 整体式高速齿轮传动装置通用技术规范
- 核事故现场处置中的洗消问题
- FeNO测定及应用
- 配电房值班电工技能考核(答案)
评论
0/150
提交评论