
Configure 802.1X Transparent Transmission Mode

Network Requirements

  1. The PC connects through Device1 to Device2, on which 802.1X access control is enabled, and from there to the IP network.
  2. The transparent transmission function is enabled on Device1; Device2 uses the RADIUS authentication mode.
  3. After passing authentication, the PC can access the IP network.

Network Topology

Figure 12-8 Networking of configuring the 802.1X transparent transmission mode

Configuration Steps

Step 1: Configure the link type of VLAN and interface on Device2.

#Create VLAN2–VLAN3 on Device2.

Device2#configure terminal
Device2(config)#vlan 2-3
Device2(config)#exit

#Configure the link type of interface gigabitethernet 0/1 as Access, permitting services of VLAN2 to pass.

Device2(config)#interface gigabitethernet 0/1
Device2(config-if-gigabitethernet0/1)#switchport mode access
Device2(config-if-gigabitethernet0/1)#switchport access vlan 2
Device2(config-if-gigabitethernet0/1)#exit

#Configure the port link type on gigabitethernet0/2–gigabitethernet0/3 of Device2 as Access, permitting the services of VLAN2–VLAN3 to pass. (Omitted)

Step 2: Configure the interface IP address of Device2.

#Configure the IP address of VLAN3 as 130.255.167.1/24.

Device2(config)#interface vlan 3
Device2(config-if-vlan3)#ip address 130.255.167.1 255.255.255.0
Device2(config-if-vlan3)#exit

Step 3: Configure the AAA authentication.

#Enable the AAA authentication on Device2, and adopt the RADIUS authentication mode. The server key is admin, the priority is 1, and the RADIUS server address is 130.255.167.167/24.

Device2(config)#domain system
Device2(config-isp-system)#aaa authentication dot1x radius-group radius
Device2(config-isp-system)#exit
Device2(config)#aaa server group radius radius
Device2(config-sg-radius-radius)#server 130.255.167.167 priority 1 key admin

Step 4: Configure the AAA server.

#Configure the user name, password, and key as admin on the AAA server. (Omitted)

Step 5: Configure the port VLAN of Device1.

#Configure the port link type on gigabitethernet0/1-gigabitethernet0/2 of Device1 as Access, permitting the services of VLAN2 to pass. (Omitted)

Step 6: Enable the 802.1X transparent transmission function on Device1.

#Enable the 802.1X transparent transmission mode on gigabitethernet0/1 of Device1, with gigabitethernet0/2 as the uplink port.

Device1(config)#interface gigabitethernet 0/1
Device1(config-if-gigabitethernet0/1)#dot1x eapol-relay enable
Device1(config-if-gigabitethernet0/1)#dot1x eapol-relay uplink interface gigabitethernet 0/2
Device1(config-if-gigabitethernet0/1)#exit

Step 7: Configure the 802.1X authentication mode on Device2.

#Enable 802.1X authentication on gigabitethernet0/1 and set the port authentication mode to Portbased.

Device2(config)#interface gigabitethernet 0/1
Device2(config-if-gigabitethernet0/1)#dot1x port-control enable
Device2(config-if-gigabitethernet0/1)#authentication port-method portbased
Device2(config-if-gigabitethernet0/1)#exit

Step 8: Check the result.

#The PC user is authenticated successfully and can access the IP network.

Device2#show dot1x user 

NO 1 : MAC_ADDRESS= 3883.45ef.7984 STATUS=     Authorized    USER_NAME= admin
         VLAN=    2       INTERFACE= gi0/1            USER_TYPE= DOT1X
         AUTH_STATE= AUTHENTICATED BACK_STATE= IDLE             IP_ADDRESS= Unknown
         IPV6_ADDRESS= Unknown
 
         Online time: 0 week 0 day 0 hours 0 minute 51 seconds

 Total: 1 Authorized: 1 Unauthorized/guest/critical: 0/0/0 Unknown: 0
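
The Step 8 check can be automated. The following Python sketch is an added example, not part of the original guide or the vendor's tooling: it parses `show dot1x user` output in the format shown above and compares each session with an expected MAC-to-port/VLAN inventory. The function names, the inventory structure, and the second sample entry (MAC `0000.5e00.5301`, user `user2`, state `HELD`) are constructed for illustration.

```python
import re

# Constructed sample: entry 1 is the Step 8 output; entry 2 is made up to hit the failure path.
SAMPLE = """\
NO 1 : MAC_ADDRESS= 3883.45ef.7984 STATUS=     Authorized    USER_NAME= admin
         VLAN=    2       INTERFACE= gi0/1            USER_TYPE= DOT1X
         AUTH_STATE= AUTHENTICATED BACK_STATE= IDLE             IP_ADDRESS= Unknown
         IPV6_ADDRESS= Unknown

         Online time: 0 week 0 day 0 hours 0 minute 51 seconds

NO 2 : MAC_ADDRESS= 0000.5e00.5301 STATUS=     Unauthorized  USER_NAME= user2
         VLAN=    2       INTERFACE= gi0/1            USER_TYPE= DOT1X
         AUTH_STATE= HELD BACK_STATE= IDLE             IP_ADDRESS= Unknown

 Total: 2 Authorized: 1 Unauthorized/guest/critical: 1/0/0 Unknown: 0
"""

ENTRY = re.compile(r"^NO\s+\d+\s*:", re.M)          # start of each user record
FIELD = re.compile(r"([A-Z0-9_]+)=[ \t]*(\S+)")     # KEY= value pairs
TOTALS = re.compile(r"Total:\s*(\d+)\s+Authorized:\s*(\d+)")

def parse_dot1x_users(text):
    """Return one dict per 'NO n :' record, keyed by the device's field names."""
    starts = [m.start() for m in ENTRY.finditer(text)] + [len(text)]
    return [dict(FIELD.findall(text[a:b])) for a, b in zip(starts, starts[1:])]

def audit(text, expected):
    """expected maps MAC -> (interface, vlan); returns a list of findings."""
    users = {u["MAC_ADDRESS"]: u for u in parse_dot1x_users(text) if "MAC_ADDRESS" in u}
    findings = []
    for mac, (iface, vlan) in expected.items():
        u = users.get(mac)
        if u is None:
            findings.append(f"{mac}: no 802.1X session")
        elif (u.get("STATUS"), u.get("AUTH_STATE")) != ("Authorized", "AUTHENTICATED"):
            findings.append(f"{mac}: {u.get('STATUS')}/{u.get('AUTH_STATE')}")
        elif (u.get("INTERFACE"), u.get("VLAN")) != (iface, vlan):
            findings.append(f"{mac}: on {u.get('INTERFACE')} VLAN {u.get('VLAN')}")
    for mac in sorted(users.keys() - expected.keys()):
        findings.append(f"{mac}: session not in inventory ({users[mac].get('STATUS')})")
    totals = TOTALS.search(text)
    authorized = sum(u.get("STATUS") == "Authorized" for u in users.values())
    if totals and (int(totals[1]), int(totals[2])) != (len(users), authorized):
        findings.append("summary line disagrees with parsed entries")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE, {"3883.45ef.7984": ("gi0/1", "2")}))
```

An empty list means every expected host is authorized on its assigned port and VLAN and no unlisted session exists behind the relay port.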