拓撲:
![p_w_picpath_thumb[2]](https://s4.51cto.com/attachment/201202/5/3312095_13284249607WZW.png "p_w_picpath_thumb[2]")
10.1.1.1爲PC,PC要使用用戶名和密碼才能接入。
配置:
SW1
aaa new-model
aaa authentication dot1x default group radius //啓用dot1x認證
dot1x system-auth-control //全局開啓dot1x
interface FastEthernet0/0
switchport trunk allowed vlan 1,2,1002-1005
interface FastEthernet0/1
switchport access vlan 2
dot1x port-control auto //auto認證
no cdp enable
spanning-tree portfast
interface Vlan1
ip address 10.1.1.50 255.255.255.0
ip route 192.168.1.0 255.255.255.0 10.1.1.254
radius-server host 192.168.1.1 auth-port 1812 acct-port 1646 key cisco //定義AAA服務器
R1
interface FastEthernet1/0
ip address 192.168.1.254 255.255.255.0
interface FastEthernet1/1
ip address 10.1.1.254 255.255.255.0
定義SW1爲AAA Client
![p_w_picpath_thumb[5]](https://s4.51cto.com/attachment/201202/5/3312095_1328424962cZhu.png "p_w_picpath_thumb[5]")
創建一個用戶cisco,密碼cisco
![p_w_picpath_thumb[8]](https://s4.51cto.com/attachment/201202/5/3312095_1328424964ubZE.png "p_w_picpath_thumb[8]")
測試一下連通性
![p_w_picpath_thumb[10]](https://s4.51cto.com/attachment/201202/5/3312095_13284249677MuO.png "p_w_picpath_thumb[10]")
啓用dot1x的端口自動shutdown
![p_w_picpath_thumb[13]](https://s4.51cto.com/attachment/201202/5/3312095_13284249684je6.png "p_w_picpath_thumb[13]")
PC提示輸入用戶名和密碼
![p_w_picpath_thumb[15]](https://s4.51cto.com/attachment/201202/5/3312095_1328424969w8n8.png "p_w_picpath_thumb[15]")
![p_w_picpath_thumb[17]](https://s4.51cto.com/attachment/201202/5/3312095_13284249719n4P.png "p_w_picpath_thumb[17]")
![p_w_picpath_thumb[19]](https://s4.51cto.com/attachment/201202/5/3312095_1328424973qDPi.png "p_w_picpath_thumb[19]")