Network requirements
As shown in Figure 29, the access device performs 802.1X authentication for users who connect to port GigabitEthernet 1/0/1. Implement MAC-based access control on the port, so the logoff of one user does not affect other online 802.1X users.
Use RADIUS servers to perform authentication, authorization, and accounting for the 802.1X users. If RADIUS authentication fails, perform local authentication on the access device. If RADIUS accounting fails, the access device logs the user off.
Configure the host at 10.1.1.1/24 as the primary authentication and accounting servers, and the host at 10.1.1.2/24 as the secondary authentication and accounting servers. Assign all users to the ISP domain aabbcc.net, which accommodates up to 30 users.
Configure the shared key as name for packets between the access device and the authentication server, and the shared key as money for packets between the access device and the accounting server.
Figure 29: Network diagram