226
8.3 802.1X Apply Example
10.1.1.1
10.1.1.2
Radi us Ser ver
10.1.1.3
Figure 8-2 IEEE802.1x configuration example topology figure
Computer connect to switch port 1/2, IEEE802.1x authentication function in port 1/2 is
enabled, the access method adopt default method is based on MAC address
authentication. Configure switch IP address to 10.1.1.2. Connect any port except for port
1/2 to RADIUS authentication server. Configure RADIUS authentication server IP address
as 10.1.1.3. authentication, accounting port default is port 1812 and port 1813. Setup
IEEE802.1x authentication client software in computer, and achieve IEEE802.1x
authentication by using this software.
Configuration steps as below: ↵
Switch(Config)#interface vlan 1↵
Switch(Config-if-vlan1)#ip address 10.1.1.2 255.255.255.0↵
Switch(Config-if-vlan1)#exit↵
Switch(Config)#radius-server authentication host 10.1.1.3↵
Switch(Config)#radius-server accounting host 10.1.1.3↵
Switch(Config)#radius-server key test↵
Switch(Config)#aaa enable↵
Switch(Config)#aaa-accounting enable↵
Switch(Config)#dot1x enable↵
Switch(Config)#interface ethernet 1/2
Switch(Config-Ethernet1/2)#dot1x enable↵
Switch(Config-Ethernet1/2)#dot1x port-control auto↵
Switch(Config-Ethernet1/2)#exit