动态VLANWord下载.docx
《动态VLANWord下载.docx》由会员分享,可在线阅读,更多相关《动态VLANWord下载.docx(16页珍藏版)》请在冰豆网上搜索。
OperationSystem:
Windows2003enterpriseedition
RadiusServer:
windowsIAS(Internet验证服务,windows组件中安装)
CAServer:
WindowsCA证书服务(windows组件中安装)
RadiusClient:
Windows自带。
(网络连接->
属性->
验证),如果没有“验证”选项卡,则是相关服务没有启用。
(开始->
运行->
services.msc->
启动”WirelessZeroConfiguration”服务)
配置:
1.
安装域,域名暂时定为:
。
过程略,查看相关文档
安装IIS(Internet信息服务),IAS,CA:
控制面板->
添加/删除程序->
安装windows组件,如图:
注意先安装IIS->
CA->
IAS,顺序不能乱了.
3.配置CA:
配置过程略,参考相关资料.
4.
CISCO2950G-48-EI交换机配置:
Buildingconfiguration...
Currentconfiguration:
4944bytes
!
version12.1
noservicepad
servicetimestampsdebuguptime
servicetimestampsloguptime
noservicepassword-encryption
hostnameLayer_4_2
aaanew-model
aaaauthenticationdot1xdefaultgroupradius
aaaauthorizationnetworkdefaultgroupradius
ipsubnet-zero
spanning-treemodemst
nospanning-treeoptimizebpdutransmission
spanning-treeextendsystem-id
dot1xsystem-auth-control
switchportaccessvlan6
interfaceFastEthernet0/1.1
interfaceFastEthernet0/2
interfaceFastEthernet0/3
interfaceFastEthernet0/4
spanning-treeportfast
interfaceFastEthernet0/5
interfaceFastEthernet0/6
interfaceFastEthernet0/7
interfaceFastEthernet0/8
interfaceFastEthernet0/9
interfaceFastEthernet0/10
interfaceFastEthernet0/11
interfaceFastEthernet0/12
interfaceFastEthernet0/13
interfaceFastEthernet0/14
interfaceFastEthernet0/15
interfaceFastEthernet0/16
interfaceFastEthernet0/17
interfaceFastEthernet0/18
interfaceFastEthernet0/19
interfaceFastEthernet0/20
interfaceFastEthernet0/21
interfaceFastEthernet0/22
interfaceFastEthernet0/23
interfaceFastEthernet0/24
interfaceFastEthernet0/25
interfaceFastEthernet0/26
interfaceFastEthernet0/27
interfaceFastEthernet0/28
interfaceFastEthernet0/29
interfaceFastEthernet0/30
interfaceFastEthernet0/31
interfaceFastEthernet0/32
interfaceFastEthernet0/33
switchportaccessvlan7
interfaceFastEthernet0/34
interfaceFastEthernet0/35
switchportmodeaccess
dot1xport-controlauto
dot1xguest-vlan21
interfaceFastEthernet0/37
interfaceFastEthernet0/38
interfaceFastEthernet0/39
interfaceFastEthernet0/40
interfaceFastEthernet0/41
interfaceFastEthernet0/42
interfaceFastEthernet0/43
interfaceFastEthernet0/44
interfaceFastEthernet0/45
interfaceFastEthernet0/46
interfaceFastEthernet0/47
interfaceFastEthernet0/48
interfaceGigabitEthernet0/1
switchportmodetrunk
interfaceGigabitEthernet0/2
interfaceVlan1
ipaddress192.168.0.1255.255.255.0
noiproute-cache
interfaceVlan6
ipaddress192.168.1.1255.255.255.0
shutdown
interfaceVlan7
ipaddress192.168.2.1255.255.255.0
iphttpserver
radius-serverhost192.168.0.2auth-port1812acct-port1813keytest
radius-serverretransmit3
radius-servervsasendauthentication
linecon0
linevty04
monitorsession1sourceinterfaceFa0/1
monitorsession1destinationinterfaceFa0/43
end
Layer_4_2#
5.
配置IAS:
a)
打开IAS:
b)
新建立”RADIUS客户端”:
c)
新建访问策略
d)
修改策略属性
配置接入设备PC
将终端设备加入域.
2.
在终端设备上手动安装根证书
登录域后在浏览器上键入http:
//192.168.10.8/certsrv进入证书WEB申请页面,登录用户采用域管理用户账号.选择申请一个证书→用户证书→点击提交(当遇到提示时选择是)→点安装此证书进行证书安装,按下一步结束证书安装。
3.
进行PC上的802.1x认证设置:
在网卡的连接属性中选择“验证→为此网络启用IEEE802.1x验证”,EAP类型选为“受保护的(PEAP)”,勾选“当计算机信息可用时验证为计算机”,然后再点“属性”,在EAP属性窗口中选择“验证服务器证书”,选择“连接到下列服务器”这里是192.168.10.8。
钩选“不提示用户验证新服务器或受信任的证书授权机构”同时在“在受信任的根证书颁发机构”窗口中选择对应的ROOTCA,这里为bjlzj,认证方法选成“EAP-MSCHAPv2”.再点“设定”按钮勾选选项即可
升级会员 