W2L800020 网络访问控制 教师参考.doc

网络访问控制 用户进行802.1X认证并执行EAD安全检查 搭建实验环境 首先，依照图14-1搭建实验环境连接各设备并安装好相应的应用软件并按照---配置好各PC和服务器以及设备的接口IP地址。 设备名称 接口 IP地址 网关 SWA VLAN1 /24 -- VLAN20 /24 -- VLAN30 /24 -- VLAN40 /24 -- RTA E0/0/1 /24 -- HostA 01/24 HostB 02/24 ServerA（iMC） /24 ServerB /24 在SWA上将各连接主机和服务器以及RTA的端口划入正确的VLAN中。E1/0/1属于VLAN1；E1/0/11属于VLAN20；E1/0/21属于VLAN30；E1/0/24属于VLAN40。 基本配置 配置802.1X认证使用的AAA方案和ISP域，域名为。详细参考命令如下： [SWA]radius scheme [SWA-]primary authentication [SWA-]primary accounting [SWA-]key authentication expert [SWA-]key accounting expert [SWA-]server-type extended [SWA-]security-policy-server [SWA-]user-name-format with-domain [SWA-]quit [SWA]domain [SWA-]authentication lan-access radius-scheme [SWA-]authorization lan-access radius-scheme [SWA-]accounting lan-access radius-scheme 在SWA全局和HostA所在的端口E1/0/1上启用802.1X认证，并记录完整的配置命令。 [SWA]dot1x [SWA]int Ethernet 1/0/1 [SWA-Ethernet1/0/1]dot1x 检查配置正确性 请用display radius scheme 命令查看AAA方案信息并补充如下信息： [SWA]display radius scheme SchemeName = Index = 0 Type = extended Primary Auth IP = Port = 1812 State = active Primary Acct IP = Port = 1813 State = active Second Auth IP = Port = 1812 State = block Second Acct IP = Port = 1813 State = block Security Policy Server IP = Auth Server Encryption Key = expert Acct Server Encryption Key = expert Accounting-On packet disable, send times = 5 , interval = 3s Interval for timeout(second) = 3 Retransmission times for timeout = 3 Interval for realtime accounting(minute) = 12 Retransmission times of realtime-accounting packet = 5 Retransmission times of stop-accounting packet = 500 Quiet-interval(min) = 5 Username format = with-domain Data flow unit = Byte Pac