Cisco 2960 802.1x动态下发vlan配置（Win Sev 2008 配置请参考以前发过的文章）

service nagle
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
no service dhcp
!

boot-start-marker
boot-end-marker
!
aaa new-model
!
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
aaa session-id common
clock timezone bj 8
switch 1 provision ws-c2960s-48ts-l
no ip source-route
!
!
no ip domain-lookup
vtp domain pico
vtp mode transparent
!
dot1x system-auth-control
!
spanning-tree mode rapid-pvst
spanning-tree portfast bpduguard default
spanning-tree portfast bpdufilter default
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!

vlan 7-10,15
interface GigabitEthernet1/0/9
switchport access vlan 10
switchport mode access
authentication host-mode multi-host
authentication port-control auto
dot1x pae authenticator
dot1x timeout quiet-period 1
spanning-tree portfast
interface GigabitEthernet1/0/49
description TO_SH-1F-CS-01_G3/24
switchport mode trunk
!
interface Vlan1
no ip address
shutdown
!
interface Vlan7
ip address 172.16.1.14 255.255.255.0
no ip redirects
no ip unreachables
!
ip default-gateway 172.16.1.254
no ip http server
no ip http secure-server
ip sla enable reaction-alerts
access-list 199 permit ip 172.16.1.0 0.0.0.255 any
radius-server host 172.16.8.1 auth-port 1812 acct-port 1813 key 7 0355095852
radius-server deadtime 10
radius-server vsa send authentication
!
line con 0
exec-timeout 30 0
logging synchronous
line vty 0 4
access-class 199 in
exec-timeout 30 0
logging synchronous
line vty 5 15
!
ntp clock-period 22518908
ntp server 172.16.1.254
end
本文出自 “yanhuan” 博客，请务必保留此出处http://yanhuan.blog.51cto.com/1761673/1279789