dot1x
dot1x authentication-method eap /*預設是chap認證,當時在客戶的環境中使用的是預設的chap認證,但是802.1x不通過,改成eap認證就好了*/
interface GigabitEthernet1/0/1
port access vlan 196
dot1x
dot1x mandatory-domain aaa
radius scheme bj_radius
primary authentication 12.2.0.5
primary accounting 12.2.0.5
secondary authentication 12.2.0.6
secondary authentication 12.2.0.1
secondary accounting 12.2.0.6
secondary accounting 12.2.0.1
key authentication simple bjfh10.2.0.0
key accounting simple bjfh10.2.0.0
user-name-format without-domain
nas-ip 12.2.8.20
quit
domain aaa
authentication lan-access radius-scheme bj_radius none
authorization lan-access radius-scheme bj_radius none
accounting lan-access radius-scheme bj_radius none
domain default enable aaa
Radius伺服器的設定請參考文檔
本文轉自傑1992 51CTO部落格,原文連結:http://blog.51cto.com/holger/1936549,如需轉載請自行聯系原作者