华为dot1x认证测试配置
d cu#
!Software Version V100R006C03
sysname NW_HJ_NACC_5F-3_S3700
#
info-center source default channel 0 trap state off level warning
#
vlan batch 9 to 11 999
#
domain radius
#
dot1x enable
dot1x authentication-method eap
#
http server load flash:/s3700-52p-ei-v100r006c03.web.zip
#
radius-server template dot1xserver
radius-server shared-key cipher %$%$VcUC)ROF"+l[Y03TVe6OAh_V%$%$
radius-server authentication 10.209.2.10 1812
radius-server authentication 10.209.2.11 1812 secondary
radius-server accounting 10.209.2.10 1813
radius-server accounting 10.209.2.11 1813 secondary
radius-server retransmit 2
#
acl number 2001
rule 1 permit source 10.211.2.209 0
rule 2 permit source 10.211.2.248 0
rule 3 permit source 10.209.58.137 0
rule 4 permit source 10.209.58.132 0
rule 5 permit source 10.209.45.210 0
rule 6 permit source 10.209.58.65 0
rule 7 permit source 10.209.5.30 0
rule 10 deny
#
aaa
authentication-scheme default
authentication-scheme dot1xscheme
authentication-mode radius
authorization-scheme default
accounting-scheme default
accounting-scheme dot1xscheme
accounting-mode radius
domain default
domain default_admin
domain radius
authentication-scheme dot1xscheme
accounting-scheme dot1xscheme
radius-serverdot1xserver
local-user admin password cipher %$%$XI]R%H]CF4be-VK0MiqCSXOF%$%$
local-user admin privilege level 15
local-user admin service-type ssh http
#
interface Vlanif1
#
interface Vlanif999
ip address 10.209.13.212 255.255.255.224
#
interface Ethernet0/0/1
port link-type access
port default vlan 9
#
interface Ethernet0/0/2
port link-type access
port default vlan 9
#
interface Ethernet0/0/3
port link-type access
port default vlan 11
#
interface Ethernet0/0/4
port link-type access
port default vlan 11
#
interface Ethernet0/0/5
port link-type access
port default vlan 10
#
interface Ethernet0/0/6
port link-type access
port default vlan 10
#
interface Ethernet0/0/7
port link-type access
port default vlan 10
#
interface Ethernet0/0/8
port link-type access
port default vlan 10
#
interface Ethernet0/0/9
port link-type access
port default vlan 10
#
interface Ethernet0/0/10
port link-type access
port default vlan 10
#
interface Ethernet0/0/11
port link-type access
port default vlan 11
#
interface Ethernet0/0/12
port link-type access
port default vlan 10
#
interface Ethernet0/0/13
port link-type access
port default vlan 10
#
interface Ethernet0/0/14
port link-type access
port default vlan 10
#
interface Ethernet0/0/15
port link-type access
port default vlan 10
#
interface Ethernet0/0/16
port link-type access
port default vlan 10
dot1x enable
#
interface Ethernet0/0/17
port link-type access
port default vlan 10
#
interface Ethernet0/0/18
port link-type access
port default vlan 10
#
interface Ethernet0/0/19
port link-type access
port default vlan 10
#
interface Ethernet0/0/20
port link-type access
port default vlan 10
#
interface Ethernet0/0/21
port link-type access
port default vlan 10
#
interface Ethernet0/0/22
port link-type access
port default vlan 11
#
interface Ethernet0/0/23
port link-type access
port default vlan 10
#
interface Ethernet0/0/24
port link-type access
port default vlan 10
#
interface Ethernet0/0/25
port link-type access
port default vlan 11
#
interface Ethernet0/0/26
port link-type access
port default vlan 11
#
interface Ethernet0/0/27
port link-type access
port default vlan 11
#
interface Ethernet0/0/28
port link-type access
port default vlan 11
#
interface Ethernet0/0/29
port link-type access
port default vlan 11
#
interface Ethernet0/0/30
port link-type access
port default vlan 11
#
interface Ethernet0/0/31
port link-type access
port default vlan 11
#
interface Ethernet0/0/32
port link-type access
port default vlan 11
#
interface Ethernet0/0/33
port link-type access
port default vlan 11
#
interface Ethernet0/0/34
port link-type access
port default vlan 11
#
interface Ethernet0/0/35
port link-type access
port default vlan 11
#
interface Ethernet0/0/36
port link-type access
port default vlan 11
#
interface Ethernet0/0/37
port link-type access
port default vlan 11
#
interface Ethernet0/0/38
port link-type access
port default vlan 11
#
interface Ethernet0/0/39
port link-type access
port default vlan 11
#
interface Ethernet0/0/40
port link-type access
port default vlan 11
#
interface Ethernet0/0/41
port link-type access
port default vlan 11
#
interface Ethernet0/0/42
port link-type access
port default vlan 11
#
interface Ethernet0/0/43
port link-type access
port default vlan 11
#
interface Ethernet0/0/44
port link-type access
port default vlan 11
#
interface Ethernet0/0/45
port link-type access
port default vlan 11
#
interface Ethernet0/0/46
port link-type access
port default vlan 11
#
interface Ethernet0/0/47
port link-type access
port default vlan 11
#
interface Ethernet0/0/48
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
undo negotiation auto
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
undo negotiation auto
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
undo negotiation auto
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
undo negotiation auto
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 10.209.13.193
#
snmp-agent
snmp-agent local-engineid 000007DB7F000001000071D1
snmp-agent community read cipher %$%$8-AMBL6OG=K-Fw.T6m[JTwne%$%$ acl 2001
snmp-agent community read cipher %$%$vGtCA.dI8L(i]ROM3g$&+MD;%$%$
snmp-agent community read cipher %$%$dE,u(g]xgY)cG{7'bmaL+2)}%$%$
snmp-agent sys-info version all
#
stelnet server enable
ssh user admin
ssh user admin authentication-type password
ssh user admin service-type all
#
user-interface con 0
authentication-mode password
set authentication password cipher %$%$BW2U9\anM<x;5-4!`NQY-PG>A<1+/h67mYXj~L'~cQZ("VMH%$%$
user-interface vty 0 4
authentication-mode aaa
user privilege level 15
protocol inbound ssh
#
return
页:
[1]