Cisco EOU

aaa new-model / enable AAA
aaa authentication login default line none / define the login authentication method
aaa authentication eou default group radius / define EoU authentication
aaa authorization network default group radius / define the authentication server

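ip admission name NAC-L2-IP eapoudp / define the EoU admission rule name

ip device tracking / enable IP device tracking

eou allow clientless / allow clientless (agentless) devices to go through EoU authentication
eou timeout retransmit 30 / set the timeout

ip access-list extended quarantine_url_redir_acl / define the URL-redirect ACL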
deny   tcp any host 134.192.43.193 eq www
permit tcp any any eq www
permit tcp any any eq 443

ip access-list extended interface_default_acl / define the default ACL for the port
permit udp any any eq 21862
permit udp any eq bootpc any eq bootps
permit udp any any eq domain
permit icmp any any
permit ip any host 134.192.43.193
deny   ip any any

ip access-group interface_default_acl in / apply the default ACL on the port
ip admission NAC-L2-IP / apply EoU on the port

ip http server / enable the HTTP server

radius-server attribute 8 include-in-access-req / define the RADIUS server
radius-server host 10.92.3.250 auth-port 1812 acct-port 1813 key secret
radius-server vsa send authentication

sh eou all / show the EoU authentication status

sh ip access-lists int fa0/7 / show which ACLs have been pushed down to the port

aaa authorization network default local changes to:

aaa authorization network default group radius dot1x

 

Commonly used device: 3560
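
As an added example (not part of the original post), the Python sketch below audits an IOS configuration for the EoU commands listed above and checks that the default port ACL permits EAPoUDP (udp/21862) before its final deny, since ACL entries are evaluated first match wins. The function name `audit`, the choice of required commands and the sample configuration are assumptions made for illustration.

```python
import re

# Global commands from the listing above that this check treats as required.
REQUIRED = ("aaa new-model", "aaa authentication eou default group radius",
            "ip device tracking", "radius-server vsa send authentication")
EOU_PORT = "21862"  # EAPoUDP port permitted by interface_default_acl

# Constructed sample with two defects: no device tracking, permit after deny.
SAMPLE = """\
aaa new-model
aaa authentication eou default group radius
ip admission name NAC-L2-IP eapoudp
ip access-list extended interface_default_acl
 permit udp any any eq domain
 deny   ip any any
 permit udp any any eq 21862
ip access-group interface_default_acl in
radius-server vsa send authentication
"""


def audit(config):
    """Return findings for an IOS config; an empty list means all checks pass."""
    lines = [" ".join(l.split()) for l in config.splitlines() if l.strip()]
    findings = [f"missing: {cmd}" for cmd in REQUIRED if cmd not in lines]
    if not any(re.fullmatch(r"ip admission name \S+ eapoudp", l) for l in lines):
        findings.append("missing: ip admission name <NAME> eapoudp")
    acls, name = {}, None
    for l in lines:  # collect the entries of each named extended ACL
        m = re.fullmatch(r"ip access-list extended (\S+)", l)
        if m:
            name = m.group(1)
            acls[name] = []
        elif name and l.split()[0] in ("permit", "deny"):
            acls[name].append(l)
        else:
            name = None
    for acl in re.findall(r"^ip access-group (\S+) in$", "\n".join(lines), re.M):
        for entry in acls.get(acl, []):  # first match wins
            if entry == f"permit udp any any eq {EOU_PORT}":
                break
            if entry == "deny ip any any":
                findings.append(f"{acl}: deny ip any any precedes the udp/{EOU_PORT} permit")
                break
        else:
            findings.append(f"{acl}: no permit for udp/{EOU_PORT}")
    return findings
```

Calling `audit(SAMPLE)` reports the missing `ip device tracking` command and the misordered ACL; a configuration ordered like the one in this post returns an empty list.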
posted @ 2011-02-22 09:56  ahuo