基于端口控制的acs应用
要求:vlan10内的pc能够自动获得地址,实现vlan10与vlan20间通信,并在交换机上实现端口控制。
Sw1的基本配置
[Quidway]inter vlan 1
[Quidway-Vlan-interface1]ip add 192.168.101.1.100
[Quidway-Vlan-interface1]vlan 10
[Quidway-vlan10]port e1/0/10
[Quidway-vlan10]port e1/0/12
[Quidway-vlan10]vlan 20
[Quidway-vlan20]port e1/0/20
[Quidway-vlan20]port e1/0/22
[Quidway]dot1x
802.1X is enabled globally.
[Quidway]inter eth1/0/10
[Quidway-Ethernet1/0/10]dot1x
802.1X is enabled on port Ethernet1/0/10.
[Quidway]radius scheme aaa
[Quidway-radius-aaa]primary authentication 192.168.101.66
[Quidway-radius-aaa]key authentication 123456
[Quidway-radius-aaa]server-type standard
[Quidway-radius-aaa]user-name-format without-domain
[Quidway-radius-aaa]accounting optional
[Quidway]domain com
[Quidway-isp-com]radius-scheme aaa
防火墙的基本配置
[H3C]inter eth0/0.10
[H3C-Ethernet0/0.10]vlan-type dot1q vid 10
[H3C-Ethernet0/0.10]ip add 192.168.10.254 255.255.255.0
[H3C-Ethernet0/0.10]inter eth0/0.20
[H3C-Ethernet0/0.20]vlan-type dot1q vid 20
[H3C-Ethernet0/0.20]ip add 192.168.20.254 255.255.255.0
[H3C-Ethernet0/0.20]q
[H3C]inter eth0/4
[H3C-Ethernet0/4]ip add 192.168.101.88 255.255.255.0
