96
[Router-vlan1] port gigabitethernet 1/0/2
[Router-vlan1] quit
[Router] vlan 10
[Router-vlan10] port gigabitethernet 1/0/1
[Router-vlan10] quit
[Router] vlan 2
[Router-vlan2] port gigabitethernet 1/0/4
[Router-vlan2] quit
[Router] vlan 5
[Router-vlan5] port gigabitethernet 1/0/3
[Router-vlan5] quit
4.
Configure a RADIUS scheme.
# Configure RADIUS scheme
2000
and enter its view.
<Router> system-view
[Router] radius scheme 2000
# Specify primary and secondary authentication and accounting servers. Set the shared key to
abc
for
authentication and accounting packets.
[Router-radius-2000] primary authentication 10.11.1.1 1812
[Router-radius-2000] primary accounting 10.11.1.1 1813
[Router-radius-2000] key authentication abc
[Router-radius-2000] key accounting abc
# Exclude the ISP domain name from the username sent to the RADIUS server.
[Router-radius-2000] user-name-format without-domain
[Router-radius-2000] quit
5.
Configure an ISP domain.
# Create ISP domain
bbb
and enter its view.
[Router] domain bbb
# Apply RADIUS scheme 2000 to the ISP domain for authentication, authorization, and accounting.
[Router-isp-bbb] authentication lan-access radius-scheme 2000
[Router-isp-bbb] authorization lan-access radius-scheme 2000
[Router-isp-bbb] accounting lan-access radius-scheme 2000
[Router-isp-system] quit
6.
Configure 802.1X.
# Enable 802.1X globally.
[Router] dot1x
# Enable 802.1X for port GigabitEthernet 1/0/2.
[Router] interface gigabitethernet 1/0/2
[Router-GigabitEthernet1/0/2] dot1x
# Implement port-based access control on the port.
[Router-GigabitEthernet1/0/2] dot1x port-method portbased
# Set the port authorization mode to
auto
.
[Router-GigabitEthernet1/0/2] dot1x port-control auto
[Router-GigabitEthernet1/0/2] quit