#### 一、配置Radius服务
```
radius scheme mac
primary authentication 10.113.33.51
primary accounting 10.113.33.51
key authentication cipher $c$3$bRJa6YzQFJI9oOqIoiChKe+U3HOXSkeOWg==
key accounting cipher $c$3$uqqzN2cwKT7bX1DRIgLJtMb5RwrjEs4uTw==
user-name-format without-domain
nas-ip 10.112.254.98
```
#### 二、配置Domain域
```
domain mac
authentication lan-access radius-scheme mac
authorization lan-access radius-scheme mac
accounting lan-access radius-scheme mac
```
#### 三、全局使能dot1x认证
```
dot1x
```
#### 四、全局使能MAC认证
```
mac-authentication
mac-authentication user-name-format mac-address with-hyphen lowercase //配置MAC地址认证用户名格式:使用带连字符的MAC地址作为用户名与密码,其中字母小写。
```
#### 五、物理接口配置dot1x+MAC认证
```
interface GigabitEthernet1/0/1
port access vlan 10
dot1x
dot1x mandatory-domain mac //指定端口上802.1X用户使用的强制认证域
mac-authentication
mac-authentication domain mac
mac-authentication parallel-with-dot1x //配置端口的MAC地址认证和802.1X认证并行处理功能
```
网友评论