H3C交換機 802.1X+AD+CA+IAS進行802.1x身份驗證

網絡拓撲:
802.1x
<layer_2_3>dis cu
#
 sysname layer_2_3
#
 domain default enable autonavi.com       //將自己建立的域設爲默認域。注意:此處的域名須是已經建立的域,而本例下方建立的域是test.com,兩處應保持一致
#
 loopback-detection enable
#
 gvrp
#
 dot1x      //全局啓用802.1x
 dot1x authentication-method eap     //使用EAP驗證方式(EAP中繼:交換機把客戶端的EAP報文轉交radius server處理)
#
radius scheme system
radius scheme test                        //建立名爲test的radius scheme
 server-type standard
 primary authentication 192.168.0.2   //指定主驗證服務器,還可以指定輔驗證服務器
 accounting optional                           //計費可選項,注意,當沒有計費服務器,必須加上這條命令,否則無法驗證通過
 key authentication test                    //驗證用的共享密鑰:test,須與radius server上爲本交換機設置的共享密鑰一致;test僅爲示例,正式環境應換成足夠長的隨機字串
#
domain test.com                              //建立域test.com
 scheme radius-scheme test             //使用上面建立的radius scheme:test
 vlan-assignment-mode string         //指定VLAN匹配模式爲字符型(string),也可以指定爲整型(integer);此處的模式須與radius server屬性裏面的設置相對應。
domain system
#                                         
 stp enable
#
#
vlan 1
#
vlan 3
name test
#
vlan 21
name guest-vlan
#                                        
interface Vlan-interface1
 ip address 192.168.0.1 255.255.255.0
#
interface Vlan-interface7
#
interface Aux1/0/0
#
interface Ethernet1/0/1
 broadcast-suppression 40
 port access vlan 3
#
interface Ethernet1/0/2
 broadcast-suppression 40
 port access vlan 3
#
interface Ethernet1/0/3
 broadcast-suppression 40    //廣播抑制,無關緊要。
 dot1x port-method portbased
 dot1x guest-vlan 21            //驗證不通過時,端口將被劃入vlan 21(即上面建立的guest-vlan)。
 dot1x

#
interface Ethernet1/0/4                  
 broadcast-suppression 40
 port access vlan 3
#
interface Ethernet1/0/5
 broadcast-suppression 40
 port access vlan 3
#
interface Ethernet1/0/6
 broadcast-suppression 40
 port access vlan 3
#
interface Ethernet1/0/7
 broadcast-suppression 40
 port access vlan 3
#
interface Ethernet1/0/8
 broadcast-suppression 40
 port access vlan 3
#
interface Ethernet1/0/9
 broadcast-suppression 40
 port access vlan 3
#
interface Ethernet1/0/10                 
 broadcast-suppression 40
 port access vlan 3
#
interface Ethernet1/0/11
 broadcast-suppression 40
 port access vlan 3
#
interface Ethernet1/0/12
 broadcast-suppression 40
 port access vlan 3
#
interface Ethernet1/0/13
 broadcast-suppression 40
 port access vlan 3
#
interface Ethernet1/0/14
 broadcast-suppression 40
 port access vlan 3
#
interface Ethernet1/0/15
 broadcast-suppression 40
 port access vlan 3
#
interface Ethernet1/0/16                 
 broadcast-suppression 40
 port access vlan 3
#
interface Ethernet1/0/17
 broadcast-suppression 40
 port access vlan 3
#
interface Ethernet1/0/18
 broadcast-suppression 40
 port access vlan 3
#
interface Ethernet1/0/19
 broadcast-suppression 40
 port access vlan 3
#
interface Ethernet1/0/20
 broadcast-suppression 40
 port access vlan 3
#
interface Ethernet1/0/21
 broadcast-suppression 40
 port access vlan 3
#
interface Ethernet1/0/22                 
 broadcast-suppression 40
 port access vlan 3
#
interface Ethernet1/0/23
 broadcast-suppression 40
 port access vlan 3
#
interface Ethernet1/0/24
 broadcast-suppression 40
 port access vlan 3
#
interface GigabitEthernet1/1/1
 port link-type trunk
 port trunk permit vlan all
 broadcast-suppression 40
 gvrp
#
interface GigabitEthernet1/1/2
 port link-type trunk
 port trunk permit vlan all
 broadcast-suppression 40
#
interface GigabitEthernet1/1/3
 port link-type trunk                    
 port trunk permit vlan all
 broadcast-suppression 40
 gvrp
#
interface GigabitEthernet1/1/4
 broadcast-suppression 40
 port access vlan 3
#
 undo irf-fabric authentication-mode
#
interface NULL0
#
 voice vlan mac-address 0001-e300-0000 mask ffff-ff00-0000
#
#
#
user-interface aux 0 7
user-interface vty 1 4                   
#
return