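Configuring 802.1X on Linux (CentOS)
<h1>I. Basic information</h1><p>The CentOS version is 7.6.</p>
<p>The wired network interface is named enp0s25.</p>
<h1>II. Configuration steps</h1>
<p>1. Bring down the wired interface enp0s25 on the CentOS system;</p>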
<div class="cnblogs_code">
<pre>ifconfig enp0s25 down</pre>
</div>
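<p>2. Back up and delete the configuration file for enp0s25;<br>Note: enp0s25 is the name of the network interface and of its configuration file in this example; when you run these commands, substitute the real interface name and configuration file name from your system;</p>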
<div class="cnblogs_code">
<pre>cd /etc/sysconfig/network-scripts/
# Adjust the file name to your system; a stock CentOS 7 install typically names it ifcfg-enp0s25
cp enp0s25 enp0s25.bak
rm -rf enp0s25</pre>
</div>
<p>3. Remove the network service from the boot-time startup tasks;<br>Run chkconfig --list to check whether a network service is registered; if it is, run chkconfig --del network to remove it.</p>
<div class="cnblogs_code">
<pre>chkconfig --<span style="color: rgba(0, 0, 0, 1)">list
chkconfig </span>--del network</pre>
</div>
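<p>4. Create the main 802.1X configuration file;<br>Note: identity is the 802.1X account name and password is the 802.1X login password; replace both with your real account and password;</p>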
<div class="cnblogs_code">
<pre>vim /etc/wpa_supplicant/wpa_supplicant.conf
# Contents of wpa_supplicant.conf:
ctrl_interface=/var/run/wpa_supplicant
ap_scan=0
network={
    key_mgmt=IEEE8021X
    eap=PEAP
    identity="YOUR_USER_NAME"
    password="YOUR_PASSWORD"
    # PEAP selects its inner method with auth=; autheap= is the EAP-TTLS form
    phase2="auth=MSCHAPV2"
}</pre>
</div>
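<p>5. Create the startup script for the 802.1X authentication service;<br>1) Create wpa_network in /etc/init.d/ with the contents below;<br>2) Remember to set the permissions on the startup script: the default mode is 644, so change it to 755; otherwise the script cannot run at boot because it has no execute permission;</p>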
<div class="cnblogs_code">
<pre>vim /etc/init.d/wpa_network
# Write the following into the file, starting from the #!/bin/bash line:
#!/bin/bash
# touched 2019.10.17
# "chkconfig --add" requires a chkconfig: header; the run levels and priorities below are assumed example values
# chkconfig: 2345 10 90
# description: Wired 802.1X network access
ifconfig enp0s25 down
sleep 1
wpa_supplicant -B -i enp0s25 -c /etc/wpa_supplicant/wpa_supplicant.conf -D wired
sleep 1
ifconfig enp0s25 up
sleep 1
dhclient enp0s25

# After saving the file, make it executable:
cd /etc/init.d
chmod 755 wpa_network</pre>
</div>
<p>6. Enable the 802.1X authentication service at boot;</p>
<div class="cnblogs_code">
<pre>chkconfig --<span style="color: rgba(0, 0, 0, 1)">add wpa_network
chkconfig wpa_network on</span></pre>
</div>
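<h1>III. Verifying the configuration</h1>
<p>1. Manually verify that the 802.1X configuration file is correct;<br>Run the following commands in order to check that the 802.1X configuration file is correct and that the host can be admitted to the network manually;
</p>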
<div class="cnblogs_code">
<pre>ifconfig enp0s25 down
wpa_supplicant -B -i enp0s25 -c /etc/wpa_supplicant/wpa_supplicant.conf -D wired
ifconfig enp0s25 up
dhclient enp0s25
ip addr               # Check whether an IP address was obtained over 802.1X; if so, continue with the next test
ping www.baidu.com    # Check whether the host can reach the public internet
# Tip: if the host gets an address and DNS is correct but it still cannot reach the public internet,
# check the firewall; CentOS 7 has three things to check: firewalld, SELinux and iptables</pre>
</div>
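<p>2. Reboot the system to verify end to end that 802.1X connects automatically;<br>If it does not connect automatically, check that the first verification step passed and that /etc/init.d/wpa_network has execute permission;</p><br><br>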
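<p>The step-4 file sets no ca_cert, and without one wpa_supplicant does not verify the authentication server's certificate before running PEAP/MSCHAPv2; the password is also stored in clear text in a file whose mode the steps never set. The script below is an added example, not part of the original post: it audits a configuration file for those two conditions. The function name, the finding labels and the sample file are assumptions made for this example.</p>

```bash
#!/bin/bash
# Added example (not from the original post): audit a wpa_supplicant.conf.
# Prints one finding per line and returns 1 if there is any finding.
audit_8021x_conf() {
    local conf=$1 findings
    findings=$(
        awk '
            /^[ \t]*#/ { next }                               # skip comment lines
            /^[ \t]*network=\{/ { blk = 1; n++; tun = ca = pin = 0; next }
            blk && /^[ \t]*eap=.*(PEAP|TTLS)/ { tun = 1 }     # tunnelled EAP method
            blk && /^[ \t]*ca_cert=/ { ca = 1 }               # trust anchor configured
            blk && /^[ \t]*(domain_suffix_match|domain_match|subject_match|altsubject_match)=/ { pin = 1 }
            blk && /^[ \t]*\}/ {
                if (tun && !ca)  print "CERT network " n ": no ca_cert, server certificate is not verified"
                if (tun && !pin) print "NAME network " n ": RADIUS server name is not pinned"
                blk = 0
            }' "$conf"
        # The file stores the password in clear text: only the owner should read it.
        mode=$(stat -c '%a' "$conf")
        case $mode in
            (*00|0) ;;
            (*) echo "PERM mode $mode: readable beyond the owner, use chmod 600" ;;
        esac
    )
    [ -n "$findings" ] || return 0
    printf '%s\n' "$findings"
    return 1
}

# Constructed sample, modelled on the step-4 file (placeholders kept).
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
ctrl_interface=/var/run/wpa_supplicant
ap_scan=0
network={
    key_mgmt=IEEE8021X
    eap=PEAP
    identity="YOUR_USER_NAME"
    password="YOUR_PASSWORD"
    phase2="auth=MSCHAPV2"
}
EOF
chmod 644 "$demo_conf"
audit_8021x_conf "$demo_conf" || echo "fix: add ca_cert and domain_suffix_match, then chmod 600"
rm -f "$demo_conf"
```

<p>The CERT and NAME findings clear once the network block carries a ca_cert line pointing at the CA that issued the RADIUS server certificate and a domain_suffix_match line with that server's name; both values are site-specific.</p>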
Source: https://www.cnblogs.com/wangzengyi/p/12492720.html