Cisco 2950G 802.1X+AD+CA+IAS进行802.1x身份验证.doc
-
资源ID:33453116
资源大小:93KB
全文页数:7页
- 资源格式: DOC
下载积分:15金币
快捷下载
会员登录下载
微信登录下载
三方登录下载:
微信扫一扫登录
|
友情提示
2、PDF文件下载后,可能会被浏览器默认打开,此种情况可以点击浏览器菜单,保存网页到桌面,就可以正常下载了。
3、本站不支持迅雷下载,请使用电脑自带的IE浏览器,或者360浏览器、谷歌浏览器下载即可。
4、本站资源下载后的文档和图纸-无水印,预览文档经过压缩,下载后原文更清晰。
5、试题试卷类文档,如果标题没有明确说明有答案则都视为没有答案,请知晓。
|
Cisco 2950G 802.1X+AD+CA+IAS进行802.1x身份验证.doc
如有侵权,请联系网站删除,仅供学习与交流Cisco 2950G 802.1X+AD+CA+IAS进行802.1x身份验证【精品文档】第 7 页Cisco 2950G 802.1X+AD+CA+IAS进行802.1x身份验证要求:1. 交换机支持802.1X协议。2. 有一台RADIUS服务器。3. 一台客户端。网络拓扑:验证方式:PEAP验证:使用证书AD用户集成认证;环境:Operation System: Windows 2003 enterprise editionRadius Server: windows IAS(Internet 验证服务,windows组件中安装) CA Server: Windows CA证书服务(windows组件中安装)Radius Client: Windows自带。(网络连接->属性->验证),如果没有“验证”选项卡,则是相关服务没有启用。(开始->运行->services.msc->启动” Wireless Zero Configuration”服务)配置:1. 安装域,域名暂时定为:。过程略,查看相关文档2. 安装IIS(Internet信息服务),IAS,CA:控制面板>添加/删除程序->安装windows组件,如图:意先安装IIS->CA->IAS,顺序不能乱了.3. 配置CA:配置过程略,参考相关资料.4. CISCO 2950G-48-EI交换机配置:Building configuration.Current configuration : 4944 bytesversion 12.1no service padservice timestamps debug uptimeservice timestamps log uptimeno service password-encryptionhostname Layer_4_2aaa new-modelaaa authentication dot1x default group radiusaaa authorization network default group radiusip subnet-zerospanning-tree mode mstno spanning-tree optimize bpdu transmissionspanning-tree extend system-iddot1x system-auth-controlinterface FastEthernet0/1 switchport access vlan 6interface FastEthernet0/1.1interface FastEthernet0/2 switchport access vlan 6interface FastEthernet0/3 switchport access vlan 6interface FastEthernet0/4 switchport access vlan 6 spanning-tree portfastinterface FastEthernet0/5 switchport access vlan 6 spanning-tree portfastinterface FastEthernet0/6 switchport access vlan 6 spanning-tree portfastinterface FastEthernet0/7 switchport access vlan 6 spanning-tree portfastinterface FastEthernet0/8 switchport access vlan 6 spanning-tree portfastinterface FastEthernet0/9 switchport access vlan 6 spanning-tree portfastinterface FastEthernet0/10 switchport access vlan 6 spanning-tree portfastinterface FastEthernet0/11 switchport access vlan 6 spanning-tree portfastinterface FastEthernet0/12 switchport access vlan 6 spanning-tree portfastinterface FastEthernet0/13 switchport access vlan 6 spanning-tree portfastinterface FastEthernet0/14 switchport access vlan 6 spanning-tree portfastinterface FastEthernet0/15 switchport access vlan 6 spanning-tree portfastinterface FastEthernet0/16 switchport access vlan 6 spanning-tree portfastinterface FastEthernet0/17 switchport access vlan 6 spanning-tree portfastinterface FastEthernet0/18 switchport access vlan 6 spanning-tree portfastinterface FastEthernet0/19 switchport access vlan 6 spanning-tree portfastinterface FastEthernet0/20 switchport access vlan 6interface FastEthernet0/21 switchport access vlan 6 spanning-tree portfastinterface FastEthernet0/22 switchport access vlan 6 spanning-tree portfastinterface FastEthernet0/23 switchport access vlan 6 spanning-tree portfastinterface FastEthernet0/24 switchport access vlan 6 spanning-tree portfastinterface FastEthernet0/25 switchport access vlan 6 spanning-tree portfastinterface FastEthernet0/26 switchport access vlan 6 spanning-tree portfastinterface FastEthernet0/27 switchport access vlan 6 spanning-tree portfastinterface FastEthernet0/28 switchport access vlan 6 spanning-tree portfastinterface FastEthernet0/29 switchport access vlan 6 spanning-tree portfastinterface FastEthernet0/30 switchport access vlan 6 spanning-tree portfastinterface FastEthernet0/31 switchport access vlan 6 spanning-tree portfastinterface FastEthernet0/32 switchport access vlan 6 spanning-tree portfastinterface FastEthernet0/33 switchport access vlan 7 spanning-tree portfastinterface FastEthernet0/34 switchport access vlan 7 spanning-tree portfastinterface FastEthernet0/35 switchport access vlan 7 spanning-tree portfastinterface FastEthernet0/36 switchport mode access dot1x port-control auto dot1x guest-vlan 21 spanning-tree portfastinterface FastEthernet0/37 switchport access vlan 7 spanning-tree portfastinterface FastEthernet0/38 switchport access vlan 7 spanning-tree portfastinterface FastEthernet0/39 switchport access vlan 7 spanning-tree portfastinterface FastEthernet0/40 switchport access vlan 7 spanning-tree portfastinterface FastEthernet0/41 switchport access vlan 7 spanning-tree portfastinterface FastEthernet0/42 switchport access vlan 7 spanning-tree portfastinterface FastEthernet0/43 switchport access vlan 7 spanning-tree portfastinterface FastEthernet0/44 switchport access vlan 7 spanning-tree portfastinterface FastEthernet0/45 switchport access vlan 7 spanning-tree portfastinterface FastEthernet0/46 switchport access vlan 7 spanning-tree portfastinterface FastEthernet0/47 switchport access vlan 7 spanning-tree portfastinterface FastEthernet0/48 switchport access vlan 7 spanning-tree portfastinterface GigabitEthernet0/1 switchport mode trunkinterface GigabitEthernet0/2interface Vlan1 ip address 192.168.0.1 255.255.255.0 no ip route-cacheinterface Vlan6 ip address 192.168.1.1 255.255.255.0 no ip route-cache shutdowninterface Vlan7 ip address 192.168.2.1 255.255.255.0 no ip route-cache shutdownip http serverradius-server host 192.168.0.2 auth-port 1812 acct-port 1813 key testradius-server retransmit 3radius-server vsa send authenticationline con 0line vty 0 4monitor session 1 source interface Fa0/1monitor session 1 destination interface Fa0/43endLayer_4_2#5. 配置IAS:a) 打开IAS:b) 新建立”RADIUS客户端”:c) 新建访问策略d) 修改策略属性6. 客户端设置:a) 配置网络连接b) 设置为自动获取IP7. 基本上,已经设置完毕.用户加入域后,登录域时自动下载证书.a) 如果有证书,则将获取相应VLAN的IP.b) 如果没有IP,将获取guest-vlan的IP.
