Network requirements

As shown in Figure 28, the access device performs 802.1X authentication for users that connect to port Ethernet 1/0/1. Implement MAC-based access control on the port, so the logoff of one user does not affect other online 802.1X users.

Use RADIUS servers to perform authentication, authorization, and accounting for the 802.1X users. If RADIUS authentication fails, perform local authentication on the access device. If RADIUS accounting fails, the access device logs the user off.

Configure the host at 10.1.1.1/24 as the primary authentication and accounting servers, and the host at 10.1.1.2/24 as the secondary authentication and accounting servers. Assign all users to the ISP domain aabbcc.net, which accommodates up to 30 users.

Configure the shared key as name for packets between the access device and the authentication server, and the shared key as money for packets between the access device and the accounting server.