About the 802.1X testing report
1,Testing topology:
Description:
The backbone ISP provide the MPLS layer 3 ××× to ending customer.
By the branch side , MP3000-8T layer 2 switch port 2 enable the 802.1X, then when client PC want to access the HQ side, first will pass the 802.1X authentication then switch 3000B port 2 will be opened.
The Radius server is in HQ side.
This testing need to confirm that client PC can successful pass the 802.1X authentication.
2, Testing configuration for all the device:
MP3000-8T layer 2 switch:
hostname MP3000B-8T
vlan 1
!
radius-server key maipu
radius-server authentication host 83.2.1.2
radius-server accounting host 83.2.1.2
aaa-accounting enable
aaa enable
!
dot1x enable
!
Interface Ethernet1/1
!
Interface Ethernet1/2
dot1x enable
dot1x port-method macbased
!
!
interface Vlan1
ip address 111.11.1.3 255.255.255.0
!
ip default-gateway 111.11.1.1
!
MP1800-CPE-D:
hostname MP1800-D
interface fastethernet0
ip address 172.1.1.2 255.255.255.0
exit
interface fastethernet1
ip address 111.11.1.1 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 172.1.1.1
MP2800-PE-1:
hostname MP2800-PE-1
mpls ip
ip vrf maipu
rd 1:1
route-target export 1:1
route-target import 1:1
exit
interface loopback0
ip address 1.1.1.1 255.255.255.255
exit
interface fastethernet0
ip vrf forwarding maipu
ip address 172.1.1.1 255.255.255.0
exit
interface fastethernet1
ip address 192.168.1.1 255.255.255.0
mpls ip
mpls ldp
exit
router ospf 1
router-id 1.1.1.1
network 0.0.0.0 255.255.255.255 area 0
exit
router bgp 65000
no auto-summary
no synchronization
bgp router-id 1.1.1.1
neighbor 2.2.2.2 remote-as 65000
neighbor 2.2.2.2 update-source loopback0
neighbor 2.2.2.2 next-hop-self
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
address-family ipv4 vrf maipu
redistribute connected
redistribute static
exit-address-family
exit
mpls ldp
router-id 1.1.1.1
transport-address 1.1.1.1
targeted-peer 2.2.2.2
exit
ip route vrf maipu 111.11.1.0 255.255.255.0 172.1.1.2
MP2800-PE-2:
hostname MP2800-PE-2
mpls ip
ip vrf maipu
rd 1:1
route-target export 1:1
route-target import 1:1
exit
interface loopback0
ip address 2.2.2.2 255.255.255.255
exit
interface fastethernet0
ip vrf forwarding maipu
ip address 172.1.2.1 255.255.255.0
exit
interface fastethernet1
ip address 192.168.1.2 255.255.255.0
mpls ip
mpls ldp
exit
router ospf 1
router-id 2.2.2.2
network 0.0.0.0 255.255.255.255 area 0
exit
router bgp 65000
no auto-summary
no synchronization
bgp router-id 2.2.2.2
neighbor 1.1.1.1 remote-as 65000
neighbor 1.1.1.1 update-source loopback0
neighbor 1.1.1.1 next-hop-self
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
exit-address-family
address-family ipv4 vrf maipu
redistribute connected
redistribute static
exit-address-family
exit
mpls ldp
router-id 2.2.2.2
transport-address 2.2.2.2
targeted-peer 1.1.1.1
exit
ip route vrf maipu 83.2.1.0 255.255.255.0 172.1.2.2
MP1800-U:
hostname MP1800-U
interface fastethernet0
ip address 172.1.2.2 255.255.255.0
exit
interface fastethernet1
ip address 83.2.1.1 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 172.1.2.1
3, Testing snapshots:
For the client PC 111.11.1.2. before authentication , can not ping the MP1800-U (MP2824) HQ side IP address 83.2.1.2.
And before authentication , on the MP3000B-8T switch, we can see the status for the client PC :
And after the client send the username and password and passed the authentication:
And on the MP3000B-8T switch, we can see that client PC is already successful passed the authentication:
Finally on the server, we can see successful passed the username and password: