有线网dot1x+MAC混合认证

#### 一、配置Radius服务

```

radius scheme mac

primary authentication 10.113.33.51

primary accounting 10.113.33.51

key authentication cipher $c$3$bRJa6YzQFJI9oOqIoiChKe+U3HOXSkeOWg==

key accounting cipher $c$3$uqqzN2cwKT7bX1DRIgLJtMb5RwrjEs4uTw==

user-name-format without-domain

nas-ip 10.112.254.98

```

#### 二、配置Domain域

```

domain mac

authentication lan-access radius-scheme mac

authorization lan-access radius-scheme mac

accounting lan-access radius-scheme mac

```

#### 三、全局使能dot1x认证

```

dot1x

```

#### 四、全局使能MAC认证

```

mac-authentication

mac-authentication user-name-format mac-address with-hyphen lowercase    //配置MAC地址认证用户名格式：使用带连字符的MAC地址作为用户名与密码，其中字母小写。

```

#### 五、物理接口配置dot1x+MAC认证

```

interface GigabitEthernet1/0/1

port access vlan 10

dot1x

dot1x mandatory-domain mac      //指定端口上802.1X用户使用的强制认证域

mac-authentication

mac-authentication domain mac

mac-authentication parallel-with-dot1x    //配置端口的MAC地址认证和802.1X认证并行处理功能

```