在测试H3c s5170时出现win10终端通过inode拨号获取ip后无法通过安全检查 终端inode提示:安全检查代理服务器要求下线。
交换机配置如下:
dot1x
dot1x authentication-method eap
dot1x retry 5
dot1x timer handshake-period 30
interface GigabitEthernet1/0/2
broadcast-suppression pps 15
multicast-suppression pps 15
unicast-suppression 50
stp edged-port
arp rate-limit 15
arp detection trust
dot1x
dot1x handshake reply enable
dot1x port-method portbased
interface GigabitEthernet1/0/24
port link-type trunk
port trunk permit vlan all
dhcp snooping trust
radius scheme oa
primary authentication 199.212.10.1
primary accounting 199.212.10.1
secondary authentication 199.212.10.2
secondary accounting 199.212.10.2
key authentication cipher $c$3$2XJ6ozTLKoEylxsO2aeZsj6r63xjE5P7ZQ==
key accounting cipher $c$3$TU6JAkx2PZxMa93xRm+3e1M03c/8zo8iRQ==
#
radius scheme system
user-name-format without-domain
#
domain admin
authentication lan-access radius-scheme lan-access
authorization lan-access radius-scheme lan-access
accounting lan-access radius-scheme lan-access
#
domain oa
authentication lan-access radius-scheme oa
authorization lan-access radius-scheme oa
accounting lan-access radius-scheme oa