动态VLANWord下载.docx

1、 Operation System: Windows 2003 enterprise edition Radius Server: windows IAS（Internet 验证服务，windows组件中安装） CA Server: Windows CA证书服务（windows组件中安装） Radius Client: Windows自带。（网络连接-属性-验证），如果没有“验证”选项卡，则是相关服务没有启用。（开始-运行-services.msc-启动” Wireless Zero Configuration”服务）配置：1. 安装域，域名暂时定为：。过程略，查看相关文档 安装IIS（Int

2、ernet信息服务）,IAS,CA：控制面板添加/删除程序-安装windows组件,如图:注意先安装IIS-CA-IAS,顺序不能乱了.3. 配置CA:配置过程略,参考相关资料.4. CISCO 2950G-48-EI交换机配置:Building configuration.Current configuration : 4944 bytes!version 12.1no service padservice timestamps debug uptimeservice timestamps log uptimeno service password-encryptionhostname La

3、yer_4_2aaa new-modelaaa authentication dot1x default group radiusaaa authorization network default group radiusip subnet-zerospanning-tree mode mstno spanning-tree optimize bpdu transmissionspanning-tree extend system-iddot1x system-auth-controlswitchport access vlan 6interface FastEthernet0/1.1inte

4、rface FastEthernet0/2interface FastEthernet0/3interface FastEthernet0/4spanning-tree portfastinterface FastEthernet0/5interface FastEthernet0/6interface FastEthernet0/7interface FastEthernet0/8interface FastEthernet0/9interface FastEthernet0/10interface FastEthernet0/11interface FastEthernet0/12inte

5、rface FastEthernet0/13interface FastEthernet0/14interface FastEthernet0/15interface FastEthernet0/16interface FastEthernet0/17interface FastEthernet0/18interface FastEthernet0/19interface FastEthernet0/20interface FastEthernet0/21interface FastEthernet0/22interface FastEthernet0/23interface FastEthe

6、rnet0/24interface FastEthernet0/25interface FastEthernet0/26interface FastEthernet0/27interface FastEthernet0/28interface FastEthernet0/29interface FastEthernet0/30interface FastEthernet0/31interface FastEthernet0/32interface FastEthernet0/33switchport access vlan 7interface FastEthernet0/34interfac

7、e FastEthernet0/35switchport mode accessdot1x port-control autodot1x guest-vlan 21interface FastEthernet0/37interface FastEthernet0/38interface FastEthernet0/39interface FastEthernet0/40interface FastEthernet0/41interface FastEthernet0/42interface FastEthernet0/43interface FastEthernet0/44interface

8、FastEthernet0/45interface FastEthernet0/46interface FastEthernet0/47interface FastEthernet0/48interface GigabitEthernet0/1switchport mode trunkinterface GigabitEthernet0/2interface Vlan1ip address 192.168.0.1 255.255.255.0no ip route-cacheinterface Vlan6ip address 192.168.1.1 255.255.255.0shutdownin

9、terface Vlan7ip address 192.168.2.1 255.255.255.0ip http serverradius-server host 192.168.0.2 auth-port 1812 acct-port 1813 key testradius-server retransmit 3radius-server vsa send authenticationline con 0line vty 0 4monitor session 1 source interface Fa0/1monitor session 1 destination interface Fa0

10、/43endLayer_4_2#5. 配置IAS:a） 打开IAS:b） 新建立”RADIUS客户端”:c） 新建访问策略d） 修改策略属性配置接入设备PC 将终端设备加入域.2. 在终端设备上手动安装根证书登录域后在浏览器上键入http:/192.168.10.8/certsrv进入证书WEB申请页面,登录用户采用域管理用户账号. 选择申请一个证书 用户证书点击提交（当遇到提示时选择是）点安装此证书进行证书安装，按下一步结束证书安装。3. 进行PC上的802.1x认证设置:在网卡的连接属性中选择“验证为此网络启用 IEEE 802.1x 验证”,EAP类型选为“受保护的（PEAP）”,勾选“当计算机信息可用时验证为计算机”,然后再点“属性”,在EAP属性窗口中选择“验证服务器证书”,选择“连接到下列服务器”这里是192.168.10.8。钩选“不提示用户验证新服务器或受信任的证书授权机构”同时在“在受信任的根证书颁发机构”窗口中选择对应的ROOT CA,这里为bjlzj,认证方法选成“EAP-MSCHAPv2”.再点“设定”按钮勾选选项即可