5130S(5130s-28s-ei)
1690211625,
[H3C]local-user admin [H3C-luser-admin]password simple admin@123 [H3C-luser-admin]service-type lan-access
[H3C]radius scheme 80RZ [H3C-radius-80rz]primary authentication 172.16.100.
[H3C]domain GUN [H3C-isp-GUN]authentication lan-access radius-scheme 80RZ local [H3C-isp-GUN]authorization lan-access radius-scheme 80RZ local
[H3C]interface GigabitEthernet1/0/10 [H3C-GigabitEthernet1/0/10]dot1x [H3C-GigabitEthernet1/0/10]dot1x port-method macbased [H3C-GigabitEthernet1/0/10]dot1x mandatory-domain GUN [H3C-GigabitEthernet1/0/10]undo dot1x handshake [H3C-GigabitEthernet1/0/10]undo dot1x multicast-trigger
问题描述:
802.1X-radius+本地认证:radius服务器DOWN后,本地认证不生效。
使用的是windows自带的802.1X认证端。
交换机开启Debug后,Debug dot1x 没有信息。因为交换机已经过保,400转接不了,就很尴尬。
组网及组网描述:
配置如下:
5130S系类交换机:配置如下 [H3C]dot1x [H3C]dot1x authentication-method eap[H3C]local-user admin [H3C-luser-admin]password simple admin@123 [H3C-luser-admin]service-type lan-access
[H3C]radius scheme 80RZ [H3C-radius-80rz]primary authentication 172.16.100.
[H3C]domain GUN [H3C-isp-GUN]authentication lan-access radius-scheme 80RZ local [H3C-isp-GUN]authorization lan-access radius-scheme 80RZ local
[H3C]interface GigabitEthernet1/0/10 [H3C-GigabitEthernet1/0/10]dot1x [H3C-GigabitEthernet1/0/10]dot1x port-method macbased [H3C-GigabitEthernet1/0/10]dot1x mandatory-domain GUN [H3C-GigabitEthernet1/0/10]undo dot1x handshake [H3C-GigabitEthernet1/0/10]undo dot1x multicast-trigger
Debug dot1x 没有信息 , 就需要端口镜像 本地抓包分析 看报文分析终端有没有认证请求
暂无
你正在内容来源:知了社区,5130S
