[21전국] 3과제 Dot1x Authentication

CENT-SRV
#cd /etc/ssl
#openssl req -new -out client.req -newkey rsa:2048 -nodes -keyout client.key
#openssl ca -in client.req -out client.crt
※CN=client
#openssl pkcs12 -export -in client.crt -inkey client.key -certfile cacert.pem -out client.pfx
이 client.pfx와 cacert.pem을 각각 WORK-PC의 client.pfx는 개인용으로 cacert.pem은 신뢰할 수 있는 인증기관으로 복사한다.

WORK-SW2
conf t
aaa new-model
radius server RADIUS
address ipv6 2001:10:202:2::1 auth-port 1812 acct-port 1813
key korea2021##
exit
aaa authentication dot1x default group radius
aaa authorization network default group radius
dot1x system-auth-control
dot1x guest-vlan supplicant
interface fa0/3
dot1x pae authenticator
authentication port-control auto
spanning-tree portfast

WORK-PC
※services.msc 실행