环境介绍:
- windows server 2012 NPS 承担Radius Server 角色
- Radius Client 设备型号 H3C S3100V2
由于802.1x 端口控制方式有两种,一种是基于接口的接入控制方式(PortBased),一种是基于Mac的接入控制方式(Macbased).
NPS配置:
场景1 : 基于接口的接入控制方式(PortBased)
#Radius 方案配置
radius scheme nps
primary authentication 172.16.0.108
key authentication cipher $c$3$8yT1nDhaOX53/Ekxj0Eglhgb4RQYGQ+WmNatQnuiaoM=
user-name-format without-domain
#域配置
domain test.com
authentication login radius-scheme nps local
authorization login radius-scheme nps local
authentication lan-access radius-scheme nps local
authorization lan-access radius-scheme nps local
access-limit disable
state active
idle-cut disable
self-service-url disable
domain default enable test.com
#全局启用802.1x和认证方式
dot1x
dot1x authentication-method eap
#端口配置:
interface Ethernet1/0/3
port access vlan 4
dot1x guest-vlan 240
dot1x auth-fail vlan 240
dot1x critical vlan 240
undo dot1x handshake
dot1x mandatory-domain 51talk.com
dot1x port-method portbased
dot1x
认证成功时:
认证失败(立即加如Auth-Fail Vlan)或者不认证时(90s后加入Guest Vlan):