dot1x
dot1x authentication-method eap /*默认是chap认证,当时在客户的环境中使用的是默认的chap认证,但是802.1x不通过,改成eap认证就好了*/
interface GigabitEthernet1/0/1
port access vlan 196
dot1x
dot1x mandatory-domain aaa
radius scheme bj_radius
primary authentication 12.2.0.5
primary accounting 12.2.0.5
secondary authentication 12.2.0.6
secondary authentication 12.2.0.1
secondary accounting 12.2.0.6
secondary accounting 12.2.0.1
key authentication simple bjfh10.2.0.0
key accounting simple bjfh10.2.0.0
user-name-format without-domain
nas-ip 12.2.8.20
quit
domain aaa
authentication lan-access radius-scheme bj_radius none
authorization lan-access radius-scheme bj_radius none
accounting lan-access radius-scheme bj_radius none
quit
domain default enable aaa
Radius服务器的设置请参考文档
本文转自杰1992 51CTO博客,原文链接:http://blog.51cto.com/holger/1936549,如需转载请自行联系原作者
