H3c交换机端配置
#
radius scheme h3c
primary authentication 192.168.1.160
primary accounting 192.168.1.160
key authentication cipher $c$3$YGGOW0voQhs9szVkVnViN/saFdC+xagP
key accounting cipher $c$3$8cw911GUhwu4Mjp/69VubgsRHdPPgxW/
#
radius scheme system
user-name-format without-domain
#
domain icloudengine.com
authentication lan-access radius-scheme h3c
authorization lan-access radius-scheme h3c
#
interface GigabitEthernet1/0/1
dot1x
undo dot1x handshake
dot1x mandatory-domain icloudengine.com
dot1x port-method portbased
dot1x guest-vlan 50
dot1x auth-fail vlan 80
dot1x critical vlan 80
#
NPS配置
(1)连接请求配置
身份验证方法使用PEAP
(2)网络策略配置
指定做NPS验证的用户组、服务类型和NAS端口类型
验证方法使用PEAP
NAS端口类型指定以太网
指定帧类型 Framed-Protocol PPP
指定服务类型 Framed
指定下发vlan id Tunnel-Pvt-Group-ID 4
指定Tunnel-Type Virtual LANs(VLAN)
指定介质类型 Tunnel-Mediaum-Type 802
指定设置id(留空) Tunnel-Assignment-ID
终端配置(以win10为例)
(1)启动Wired AutoConfig服务
