Ensp with S5700 do 802.1 x authentication test - aaa test, if the domain account password mistake directly display the Info: User name or password wrong.
Fill in for the domain account password, shows the timeout instead most of all, new win10 under the vm system, can add the domain, but the identity authentication failed! Forever!
Ensp configuration and NPS configuration is as follows:
#
Sysname Huawei
#
Vlan batch 10 to 30, 100, 200, 250
#
The domain yh.com
#
Cluster enable
NTDP enable
NDP enable
#
Dot1x enable
Dot1x authentication method eap -
Dot1x DHCP - trigger
#
Drop the illegal - MAC alarm
#
DHCP enable
#
Diffserv domain default
#
Radius - server template yh
The radius server Shared - key cipher _u 5, 1) ZW; 04% (6 + U. "B=X1!!
Radius - server authentication 172.16.30.100 1812
Radius - server accounting 172.16.30.100 1813
Radius - server template y
#
Drop - profile default
#
Aaa
The authentication scheme - the default
The authentication scheme - NPS
Authentication - mode radius
Authorization - scheme default
Accounting - scheme default
Accounting - scheme acc
Accounting mode radius
-Domain default
Domain default_admin
The domain yh.com
The authentication scheme - NPS
Accounting - scheme acc
Radius - server yh
Local - user admin password simple admin
Local - user admin service -type HTTP
#
Interface Vlanif1
#
Interface Vlanif10
The description Switch
IP address 172.16.10.254 255.255.255.0
#
Interface Vlanif30
The description fuwuqi
IP address 172.16.30.254 255.255.255.0
#
Interface Vlanif100
IP address 172.16.100.254 255.255.255.0
DHCP select global
DHCP select relay
The DHCP relay server - IP 172.16.30.100
#
Interface Vlanif200
IP address 172.16.200.254 255.255.255.0
DHCP select global
DHCP select relay
The DHCP relay server - IP 172.16.30.100
#
Interface Vlanif250
IP address 172.16.250.254 255.255.255.0
DHCP select global
DHCP select relay
The DHCP relay server - IP 172.16.30.100
#
Interface MEth0/0/1
#
Interface GigabitEthernet0/0/1
The port link -type access
The port default vlan 100
Dot1x enable
Dot1x Max - user 1
The authentication guest - vlan 250
Dot1x port - method port
#
Interface GigabitEthernet0/.two survivors
The port link -type access
The port default vlan 30
#
Interface GigabitEthernet0/0/3
The port hybrid pvid vlan 100
The port hybrid untagged vlan 10 to 30, 100, 200
Dot1x enable
The authentication guest - vlan 250
#
Interface GigabitEthernet0/0/4
The port hybrid pvid vlan 250
The port hybrid untagged vlan 10 to 30, 100, 200
Dot1x enable
Dot1x Max - user 1
Dot1x port - method port
#
Interface GigabitEthernet0/0/5
#
Interface GigabitEthernet0/0/6
#
Interface GigabitEthernet0/0/7
#
Interface GigabitEthernet0/0/8
#
Interface GigabitEthernet0/0/9
#
Interface GigabitEthernet0/0/10
#
Interface GigabitEthernet0/0/11
#
Interface GigabitEthernet0/0/12
#
Interface GigabitEthernet0/0/13
#
Interface GigabitEthernet0/0/14
#
Interface GigabitEthernet0/0/15
#
Interface GigabitEthernet0/0/16
#
Interface GigabitEthernet0/0/17
#
Interface GigabitEthernet0/0/18
#
Interface GigabitEthernet0/0/19
#
Interface GigabitEthernet0/0/20
#
Interface GigabitEthernet0/0/21
#
Interface GigabitEthernet0/0/22
#
Interface GigabitEthernet0/0/23
#
Interface GigabitEthernet0/0/24
#
Interface NULL0
#
Interface LoopBack0
IP address 172.16.1.254 255.255.255.0
#
The user - interface con 0
The user - interface vty 0 4
#
The port - group hybrid
#
return