802.1x�|�[�g�x�[�X�̔F�؂̐ݒ�

��̏͂ł́ACatalyst 3750�X�C�b�`��IEEE 802.1x�|�[�g�x�[�X�̔F�؂�ݒ肷��@�ɂ��Đ��܂��B LAN��A�z�e��A��`�A��Ƃ̃��r�[�ȂǂɊg��ƁA��S�Ƃ͌��Ȃ��ɂȂ�܂��A802.1x��g�p��΁A��̃f�o�C�X�i�N��C�A��g�j��l�b�g��[�N�փA�N�Z�X��̂�h��Ƃ��ł��܂��B ��ɖ��L��Ȃ��A �X�C�b�` �Ƃ��p��̓X�^��h�A�� X�C�b�`��уX�C�b�` �X�^�b�N��Ӗ��܂��B

��̏͂Ő��e�́A��̂Ƃ��ł��B

802.1x�|�[�g�x�[�X�̔F�؂̊T�v

IEEE 802.1x�K�i�́A�N��C�A��g/�T�[�o �x�[�X�̃A�N�Z�X��ƔF�؃v��g�R��ɂ��Ē�`��A�s��ȃN��C�A��g��I�ɃA�N�Z�X�\�ȃ|�[�g����LAN�ɐڑ��̂𐧌��܂��B�F�؃T�[�o�́A�X�C�b�` �|�[�g�ɐڑ��ꂽ�e�N��C�A��g��F�؂��Ă��A�X�C�b�`�܂��LAN��񋟂��T�[�r�X�𗘗p�ł��悤�ɂ��܂��B

�N��C�A��g��F�؂��܂ł́A802.1x�A�N�Z�X��ɂ��āA�N��C�A��g�ɐڑ��|�[�g��o�R��Extensible Authentication Protocol over LAN�iEAPOL�j�ACisco Discovery Protocol�iCDP�j�A��Spanning Tree Protocol�iSTP;�X�p�j��O �c��[ �v��g�R��j�g��t�B�b�N��܂��B�F�؂��ƁA�ʏ�̃g��t�B�b�N��|�[�g��ʉ߂ł��܂��B

��ł́A802.1x�|�[�g�x�[�X�F�؂ɂ��Đ��܂��B

�f�o�C�X�̖��

802.1x�|�[�g�x�[�X�F�؂��g�p��ƁA�l�b�g��[�N��̃f�o�C�X�� 802.1x�f�o�C�X�̖�� ̂悤�ȓ��̖��蓖�Ă��܂��B

802.1x�f�o�C�X�̖��

�N��C�A��g �\LAN��уX�C�b�`�ւ̃A�N�Z�X��v��āA�X�C�b�`��̗v��ɉ��f�o�C�X�i��[�N�X�e�[�V��j�B��[�N�X�e�[�V��ł́AMicrosoft Windows XP�I�y��[�e�B��O �V�X�e��ȂǁA802.1x��̃N��C�A��g �\�t�g�E�F�A��ғ��K�v��܂��i�N��C�A��g�́AIEEE 802.1x�K�i�� supplicant �ɂȂ�܂��j�B

Windows XP�l�b�g��[�N�ڑ��802.1x�F�؂̖��ɂ́A��URL�ɃA�N�Z�X��Microsoft Knowledge Base Article��Q�Ƃ��Ă��B

http://support.microsoft.com/support/kb/articles/Q303/5/97.ASP

�F�؃T�[�o �\��ۂɃN��C�A��g�̔F�؂��s��܂��B�F�؃T�[�o�́A�N��C�A��g��ID��m�F��A�N��C�A��g��LAN��уX�C�b�` �T�[�r�X�ւ̃A�N�Z�X��邩�ǂ��X�C�b�`�ɒʒm��܂��B�X�C�b�`�̓v��L�V�Ƃ��ċ@�\��̂ŁA�F�؃T�[�r�X�̓N��C�A��g�Ƀg��X�y�A��g�ł��B��̃��[�X�ŃT�|�[�g��Ă��F�؃T�[�o�́AExtensible Authentication Protocol�iEAP�j�g��@�\�𑕔��Remote Authentication Dial-In User Service�iRADIUS�j�Z�L��e�B �V�X�e��ł��B��́ACisco Secure Access Control Server�o�[�W��3.0�ȏ�ɑΉ��Ă��܂��BRADIUS�́ARADIUS�T�[�o��1�܂��͕��RADIUS�N��C�A��g�Ԃň��S�ȔF�؏�񂪌��N��C�A��g/�T�[�o ��f��œ��삵�܂��B
�X�C�b�` �i�G�b�W �X�C�b�`�܂��͖��A�N�Z�X �|�C��g�j�\�N��C�A��g�̔F�؃X�e�[�^�X�Ɋ�Â��ăl�b�g��[�N�ւ̕��I�ȃA�N�Z�X�𐧌䂵�܂��B�X�C�b�`�́A�N��C�A��g�ƔF�؃T�[�o�Ƃ̊Ԃ̔}��i�v��L�V�j�Ƃ��ċ@�\��A�N��C�A��g��ID��v��A��̏��F�؃T�[�o�Ŋm�F��A�N��C�A��g�ɉ��[��܂��B�X�C�b�`�ɂ�RADIUS�N��C�A��g��g�ݍ��܂�Ă��܂��BRADIUS�N��C�A��g�́AEAP�t��[��̃J�v�Z��/�J�v�Z��A��єF�؃T�[�o�Ƃ̑��ݍ�p�̖��ʂ��܂��B

�X�C�b�`��EAPOL�t��[��M��ĔF�؃T�[�o�Ƀ��[��ƁA�C�[�T�l�b�g �w�b�_�[��菜��A�c��EAP�t��[��RADIUS�`��ōēx�J�v�Z��܂��BEAP�t��[��̓J�v�Z��̊Ԃ͕ύX�⌟��s��ꂸ�A�F�؃T�[�o�̓l�C�e�B�u�̃t��[��`��EAP��T�|�[�g��K�v��܂��B�X�C�b�`��F�؃T�[�o��t��[��M��ƁA�T�[�o�̃t��[�� w�b�_�[��폜��AEAP�t��[��c��܂��B��ꂪ�C�[�T�l�b�g�p�ɃJ�v�Z��ăN��C�A��g�ɑ��M��܂��B

�}��Ƃ��ċ@�\�ł��f�o�C�X�ɂ́ACatalyst 3750�ACatalyst 3550�ACatalyst 2970�ACatalyst 2955�ACatalyst 2950�ACatalyst 2940�X�C�b�`�A�܂��͖��A�N�Z�X �|�C��g��܂��B��̃f�o�C�X�́ARADIUS�N��C�A��g��802.1x��T�|�[�g��\�t�g�E�F�A��s��Ă��K�v��܂��B

�F�؂̊J�n�ƃ��b�Z�[�W��

�X�C�b�`�܂��̓N��C�A��g�́A�F�؂��J�n�ł��܂��B dot1x port-control auto �C��^�[�t�F�C�X �R��t�B�M��[�V�� R�}��h��g�p��ă|�[�g��ŔF�؂��C�l�[�u��ɂ��ꍇ�A�X�C�b�`�́A�|�[�g�̃��N �X�e�[�g��_�E��A�b�v�Ɉڍs��Ƃ��m�F��Ƃ��ɁA�F�؂��J�n��K�v��܂��B��EAP�v��/�A�C�f��e�B�e�B �t��[��N��C�A��g�ɑ��M��ăA�C�f��e�B�e�B��v��܂��i��ʂɁA�X�C�b�`�͍ŏ��̃A�C�f��e�B�e�B/�v��t��[��𑗐M��āA��̂��Ƃ�1�܂��͕��̔F�؏��̗v��𑗐M��܂��j�B�t��[��̎�M��A�N��C�A��g��EAP��/�A�C�f��e�B�e�B �t��[��ŉ��܂��B

��A�N��ɃN��C�A��g��X�C�b�`��EAP�v��/�A�C�f��e�B�e�B �t��[��M��Ȃ��ꍇ�́A�N��C�A��g�́AEAPOL�J�n�t��[��𑗐M��ĔF�؂��J�n�ł��܂��B��ɂ��A�X�C�b�`�̓N��C�A��g�̃A�C�f��e�B�e�B��v��悤�ɂȂ�܂��B

��X�e�[�g��і��X�e�[�g�̃|�[�g

�N��C�A��g��̃A�C�f��e�B�e�B��ƁA�X�C�b�`�͔}��Ƃ��Ă̖��J�n��A�F�؂��܂��͎��s��܂ŃN��C�A��g�ƔF�؃T�[�o�Ƃ̊Ԃ�EAP�t��[��󂯓n��܂��B�F�؂��ƁA�X�C�b�`�̃|�[�g�͋��ꂽ��ԂɂȂ�܂��B�ڍׂɂ��ẮA ��X�e�[�g��і��X�e�[�g�̃|�[�g ��Q�Ƃ��Ă��B

��EAP�t��[��́A�g�p��F�ؕ�Ɉˑ��܂��B ��b�Z�[�W�� ɁARADIUS�T�[�o��One Time Password�iOTP;��^�C�� p�X��[�h�j�F�ؕ��g�p��N��C�A��g�ɂ��ĊJ�n��郁�b�Z�[�W��܂��B

��b�Z�[�W��

��X�e�[�g��і��X�e�[�g�̃|�[�g

�X�C�b�` �|�[�g�̃X�e�[�g�ɂ��āA�N��C�A��g��l�b�g��[�N �A�N�Z�X��Ă��邩�ǂ��킩��܂��B�|�[�g�́A �� X�e�[�g�ŊJ�n��܂��B��̃X�e�[�g�ɂ��Ԃ́A�|�[�g�́A802.1x�ACDP�ASTP�̃v��g�R�� p�P�b�g��ׂĂ̓�g��t�B�b�N��яo�g��t�B�b�N��܂��B�N��C�A��g��ɔF�؂��ƁA�|�[�g�� �� �X�e�[�g�Ɉڍs��A��̃N��C�A��g�ւ̂��ׂẴg��t�B�b�N�͒ʏ�̃t��[��܂��B

802.1x��T�|�[�g��Ȃ��N��C�A��g��802.1x�|�[�g�ɐڑ��Ă��ꍇ�́A�X�C�b�`�̓N��C�A��g�ɃA�C�f��e�B�e�B��v��܂��B��̏ꍇ�A�N��C�A��g�͗v��ɉ��ł��Ȃ��̂ŁA�|�[�g�͖��X�e�[�g�̂܂܂ŁA�N��C�A��g�̓l�b�g��[�N �A�N�Z�X��܂��B

�ΏƓI�ɁA802.1x�Ή��N��C�A��g��802.1x�v��g�R��s��Ă��Ȃ��|�[�g�ɐڑ��Ă��ꍇ�A�N��C�A��g��EAPOL�J�n�t��[��𑗐M��ĔF�؃v��Z�X��J�n��܂��B��Ȃ��ꍇ�A�N��C�A��g�͗v��̉񐔂��M��܂��B��Ȃ��̂ŁA�N��C�A��g�̓|�[�g��X�e�[�g�ɂ��̂Ƃ��ăt��[��̑��M��J�n��܂��B

�|�[�g�̋��X�e�[�g�𐧌䂷��ɂ́A dot1x port-control �C��^�[�t�F�C�X �R��t�B�M��[�V�� R�}��h�ƈȉ��̃L�[��[�h��g�p��܂��B

force-authorized �\802.1x�F�؂��f�B�Z�[�u��ɂ��āA�F�؏��̌��v��Ƀ|�[�g��X�e�[�g�Ɉڍs��܂��B�|�[�g�́A�N��C�A��g��802.1x�x�[�X�̔F�؂Ȃ��Œʏ�̃g��t�B�b�N�𑗎�M��܂��B��ꂪ�f�t�H��g�ݒ�ł��B
force-unauthorized �\�|�[�g�𖳋��X�e�[�g�̂܂܂ɂ��A�N��C�A��g��F�؂��݂Ă��ׂĖ��܂��B�X�C�b�`�́A�C��^�[�t�F�C�X���ăN��C�A��g�ɔF�؃T�[�r�X��񋟂ł��܂��B
auto �\802.1x�F�؂��C�l�[�u��ɂ��āA�|�[�g�ɖ��X�e�[�g�ŊJ�n��AEAPOL�t��[��|�[�g�o�R�ő��M�ł��悤�ɂ��܂��B�|�[�g�̃��N �X�e�[�g��_�E��A�b�v�Ɉڍs��邩�AEAPOL�J�n�t��[��M��ƁA�F�؃v��Z�X��J�n��܂��B�X�C�b�`�́A�N��C�A��g�̃A�C�f��e�B�e�B��v��A�N��C�A��g�ƔF�؃T�[�o�ԂŔF�؃��b�Z�[�W�̃��[��J�n��܂��B�X�C�b�`�̓l�b�g��[�N�ɃA�N�Z�X��悤�Ƃ��e�N��C�A��g��A�N��C�A��g��MAC�A�h��X��g�p��Ĉ�ӂɎ��ʂ��܂��B

�N��C�A��g��ɔF�؂��Ɓi�F�؃T�[�o��Accept�t��[��M��Ɓj�A�|�[�g��X�e�[�g�ɕς��A�F�؂��ꂽ�N��C�A��g�̃t��[��͂��ׂĂ��̃|�[�g�o�R�ő��M��܂��B�F�؂��s��ꍇ�́A�|�[�g�͖��X�e�[�g�̂܂܂ł��A�F�؂��Ď��s�ł��܂��B�F�؃T�[�o�ɃA�N�Z�X�ł��Ȃ��ꍇ�A�X�C�b�`�͗v��đ��M�ł��܂��B�w�肳�ꂽ��s�񐔂̌�ł��T�[�o��牞��Ȃ��ꍇ�́A�F�؂��s��A�l�b�g��[�N �A�N�Z�X�͋��܂��B

�N��C�A��g�̓��O�I�t��EAPOL��O�I�t ��b�Z�[�W�𑗐M��܂��B��ɂ��A�X�C�b�` �|�[�g�͖��X�e�[�g�Ɉڍs��܂��B

�|�[�g�̃��N �X�e�[�g��A�b�v��_�E��Ɉڍs��ꍇ�A�܂��EAPOL��O�I�t �t��[��M��ꍇ�́A�|�[�g�͖��X�e�[�g�ɖ߂�܂��B

�T�|�[�g�Ώۃg�|��W�[

802.1x�|�[�g�x�[�X�̔F�؂́A��2�̃g�|��W�[�ŃT�|�[�g��Ă��܂��B

�|�C��g�c�[�|�C��g
��LAN

��LAN�̗� �ɁA��LAN�ł�802.1x�|�[�g�x�[�X�̔F�؂��܂��B802.1x�|�[�g�͕��z�X�g �|�[�g�Ƃ��Đݒ肳��Ă��A��̃|�[�g��1�̃N��C�A��g��F�؂��Ƃ��ɋ��X�e�[�g�ɂȂ�܂��B�|�[�g��ƁA��̃|�[�g�ɊԐړI�ɐڑ��Ă��c��̃z�X�g�͂��ׂāA�l�b�g��[�N �A�N�Z�X��܂��B�|�[�g��ɂȂ�Ɓi�ĔF�؂��s��邩�AEAPOL��O�I�t ��b�Z�[�W��M��j�A�X�C�b�`�́A�ڑ��Ă��邷�ׂẴN��C�A��g�ɑ΂��ăl�b�g��[�N �A�N�Z�X��ۂ��܂��B��̃g�|��W�[�ł́A��A�N�Z�X �|�C��g�́A�ڑ��Ă��N��C�A��g��F�؂��A�X�C�b�`�ɑ΂��ăN��C�A��g�Ƃ��ċ@�\��܂��B

��LAN�̗�

802.1x�ƃ|�[�g �Z�L��e�B�̎g�p��@

�P��z�X�g ��[�h�܂��͕��z�X�g ��[�h�̂ǂ��炩�ŁA802.1x�|�[�g��у|�[�g �Z�L��e�B��ݒ�ł��܂��i switchport port-security �C��^�[�t�F�C�X �R��t�B�M��[�V�� R�}��h��g�p��ă|�[�g�Ƀ|�[�g �Z�L��e�B��ݒ肵�Ȃ��΂Ȃ�܂��j�B�|�[�g��̃|�[�g �Z�L��e�B��802.1x��C�l�[�u��ɂ��ƁA802.1x��|�[�g��F�؂��A�|�[�g �Z�L��e�B��N��C�A��g��MAC�A�h��X��܂ނ��ׂĂ�MAC�A�h��X�ɂ��ăl�b�g��[�N �A�N�Z�X��Ǘ��܂��B��̏ꍇ�A802.1x�|�[�g���ăl�b�g��[�N�փA�N�Z�X�ł��N��C�A��g�̐��ƃO��[�v�𐧌��ł��܂��B

��Ƃ��΁A�X�C�b�`�ɂ��āA802.1x�ƃ|�[�g �Z�L��e�B�̊Ԃɂ͎��̂悤�ȑ��ݍ�p��܂��B

�N��C�A��g��F�؂��A�|�[�g �Z�L��e�B �e�[�u��ς��ɂȂ��Ă��Ȃ��ꍇ�A�N��C�A��g��MAC�A�h��X��Z�L��A �z�X�g�̃|�[�g �Z�L��e�B ��X�g�ɒǉ��܂��B�ǉ��ƁA�|�[�g��ʏ�ǂ��A�N�e�B�u�ɂȂ�܂��B

�N��C�A��g��F�؂��ă|�[�g �Z�L��e�B��蓮�Őݒ肳�ꂽ�ꍇ�A�Z�L��A �z�X�g �e�[�u��̃G��g��ۏ؂��܂��i�|�[�g �Z�L��e�B�̃X�^�e�B�b�N �G�[�W��O��C�l�[�u��ɂȂ��Ă��Ȃ��ꍇ�j�B

�N��C�A��g��F�؂��Ă��Z�L��e�B �e�[�u��ς��̏ꍇ�́A�Z�L��A�ᔽ��܂��B��́A�Z�L��A �z�X�g�̍ő吔��X�^�e�B�b�N�ɐݒ肳��Ă��邩�A�܂��̓Z�L��A �z�X�g �e�[�u��ł̃N��C�A��g�̗L��؂ꂽ�ꍇ�ɔ��܂��B�N��C�A��g�̃A�h��X�̗L��؂ꂽ�ꍇ�A��̃N��C�A��g�̃Z�L��A �z�X�g �e�[�u��̈ʒu�͑��̃z�X�g�Ɏ��đ��܂��B

�ŏ��̔F�؃z�X�g�ɂ��ăZ�L��e�B�ᔽ��N��ꂽ�ꍇ�A�C��^�[�t�F�C�X��errdisable�ƂȂ�A��ɃV��b�g�_�E��܂��B

�|�[�g �Z�L��e�B�ᔽ��[�h�́A�Z�L��e�B�ᔽ�̓��𔻕ʂ��܂��B�ڍׂɂ��ẮA �Z�L��e�B�ᔽ ��Q�Ƃ��Ă��B

no switchport port-security mac-address mac-address �C��^�[�t�F�C�X �R��t�B�M��[�V�� R�}��h��g�p��āA802.1x�N��C�A��g�̃A�h��X��|�[�g �Z�L��e�B �e�[�u��蓮�ō폜��ꍇ�́Adot1x re-authenticate interface interface-id �C�l�[�u��EXEC�R�}��h��g�p��802.1x�N��C�A��g��ĔF�؂��K�v��܂��B
802.1x�N��C�A��g��O�I�t��ƁA�|�[�g��X�e�[�g�Ɉڍs��A�N��C�A��g�̃G��g��܂ރZ�L��A �z�X�g �e�[�u��̂��ׂẴ_�C�i�~�b�N �G��g��N��A��܂��B��Œʏ�̔F�؂��s��܂��B
�|�[�g��Ǘ��̗��R��V��b�g�_�E��ꍇ�A�|�[�g�͖��X�e�[�g�ɂȂ肷�ׂẴ_�C�i�~�b�N �G��g��̓Z�L��A �z�X�g �e�[�u��폜��܂��B
�|�[�g �Z�L��e�B�Ɖ��VLAN�́A�P��z�X�g�܂��͕��z�X�g ��[�h�̂ǂ��炩�ŁA802.1x�|�[�g�ɓ��ɐݒ�ł��܂��B�|�[�g �Z�L��e�B�́Avoice VLAN identifier�iVVID;��VLAN ID�j��port VLAN identifier�iPVID;�|�[�gVLAN ID�j�̗��ɓK�p��܂��B

�X�C�b�`�̃|�[�g �Z�L��e�B��C�l�[�u��ɂ��@�̏ڍׂɂ��ẮA �|�[�g �Z�L��e�B�̐ݒ� ��Q�Ƃ��Ă��B

802.1x�Ɖ��VLAN�|�[�g�̎g�p��@

��VLAN�|�[�g�́A2��VLAN ID�Ɋ֘A�t��ꂽ��ȃA�N�Z�X �|�[�g�ł��B

IP Phone�̓�o��g��t�B�b�N��邽�߂�VVID�BVVID�́A�|�[�g�ɐڑ��Ă��IP Phone��ݒ肷�邽�߂Ɏg�p��܂��B
IP Phone��ʂ��ăX�C�b�`�Ɛڑ��Ă��郏�[�N�X�e�[�V��̓�o�f�[�^ �g��t�B�b�N��邽�߂�PVID�BPVID�́A�|�[�g�̃l�C�e�B�uVLAN�ł��B

��VLAN�ɐݒ肳�ꂽ�e�|�[�g�ɁAPVID��VVID��֘A�t��܂��B��̐ݒ�ɂ��āA��g��t�B�b�N�ƃf�[�^ �g��t�B�b�N��قȂ�VLAN�ɕ��邱�Ƃ��ł��܂��B

Cisco IOS Release 12.1(14)EA1��O�̃��[�X�ł́A�P��z�X�g ��[�h�̃X�C�b�`�͒P��z�X�g��̃g��t�B�b�N�݂̂��󂯎��A��g��t�B�b�N�͎�M�ł��܂��ł��B��z�X�g ��[�h�ł́A�X�C�b�`�̓N��C�A��g��v��C�}��VLAN��ŔF�؂��܂ŉ��g��t�B�b�N��󂯎��Ȃ��߁AIP Phone�̓��[�U��O�C��܂œ��s�\�ł��B

Cisco IOS Release 12.1(14)EA1�ȏ�ł́AIP Phone�́A�|�[�g�̋��X�e�[�g�܂��͖��X�e�[�g�Ɋւ�炸�A��g��t�B�b�N�p�Ƃ��VVID��g�p��܂��B��ɂ��āAIP Phone��802.1x�F�؂Ƃ͓Ɨ��ē��ł��܂��B

�P��z�X�g ��[�h��C�l�[�u��ɂ��ƁA��VVID�ɂ��ĕ��IP Phone��܂��B��APVID�ł́A1��802.1x�N��C�A��g��܂��B��z�X�g ��[�h��C�l�[�u��ɂ��ۂ�802.1x��[�U��v��C�}��VLAN�ŔF�؂��Ă��ꍇ�A802.1x�F�؂��v��C�}��VLAN�Ő��Ή��VLAN�֖��ɃN��C�A��g��ǉ��ł��܂��B

��N��݂��Ă��Ή��VLAN�|�[�g�̓A�N�e�B�u�ɂȂ�AIP Phone��̍ŏ��CDP��b�Z�[�W��󂯎��ƃf�o�C�X��MAC�A�h��X��炩�ɂȂ�܂��BCisco IP Phone�́A��̃f�o�C�X��CDP��b�Z�[�W��[��܂��B��̂��߁A��IP Phone��Őڑ��Ă��A�X�C�b�`�͎��g�ɒ��ڐڑ��ꂽIP Phone��F��܂��B��VLAN�|�[�g��802.1x��C�l�[�u��ɂ��ƁA�X�C�b�`��2�z�b�v�ȏ㗣�ꂽ�F��Ă��Ȃ�IP Phone��̃p�P�b�g�͔p��܂��B

802.1x��|�[�g�ŃC�l�[�u��ɂ��ƁA��VLAN�Ɠ��悤�Ƀ|�[�gVLAN��ݒ�ł��܂��B

��VLAN�̏ڍׂɂ��ẮA ��VLAN�̐ݒ� ��Q�Ƃ��Ă��B

802.1x��VLAN��蓖�Ă̎g�p��@

Cisco IOS Release 12.1(14)EA1��Â��[�X�ł́A802.1x�|�[�g��F�؂��ƁARADIUS�T�[�o��f�[�^�x�[�X��狖�ς�VLAN�̏��߂��Ă��A��̃|�[�g�͎��g�ɐݒ肳�ꂽ�A�N�Z�XVLAN�ɑ΂��ċ��Ă��܂��B�A�N�Z�XVLAN�́A�A�N�Z�X �|�[�g�Ɋ��蓖�Ă�ꂽVLAN�ł��A��̃|�[�g�Ƃ̊Ԃő��M��ꂽ��ׂẴp�P�b�g�́A��VLAN�ɑ��Ă��܂��B

��ACisco IOS Release 12.1(14)EA1�ȏ�ł́A�X�C�b�`��802.1x��VLAN��蓖�Ă��T�|�[�g��Ă��܂��B�|�[�g��802.1x�F�؂��ƁARADIUS�T�[�o�́A�X�C�b�` �|�[�g��ݒ肷�邽�߂�VLAN��蓖�Ă𑗐M��܂��BRADIUS�T�[�o�̃f�[�^�x�[�X�́A��[�U��/VLAN�̑Ή��ێ��܂��B��̑Ή��ł́A�X�C�b�` �|�[�g�ɐڑ��N��C�A��g�̃��[�U��Ɋ�Â��VLAN��蓖�ĂĂ��܂��B��̋@�\��g�p��āA��胆�[�U�̃l�b�g��[�N �A�N�Z�X�𐧌��ł��܂��B

�X�C�b�`��RADIUS�T�[�o��ݒ肷��ہA802.1x��VLAN��蓖�Ăɂ͎��̓��܂��B

RADIUS�T�[�o��VLAN��蓖�ĂĂ��Ȃ��A�܂��802.1x��f�B�Z�[�u��̏ꍇ�A�F�؂��Ƀ|�[�g�̓A�N�Z�XVLAN�ɐݒ肳��܂��B
802.1x�F�؂��C�l�[�u��ARADIUS�T�[�o��VLAN��񂪗L��łȂ��ꍇ�ɂ́A�|�[�g�͖��X�e�[�g��߂��A�ݒ�ς݂̃A�N�Z�XVLAN��ɗ��܂�܂��B��ɂ��A�ݒ�G��[�ɂ��ĕs�K�؂�VLAN��Ƀ|�[�g��ˑR��邱�Ƃ�h��܂��B

�ݒ�G��[�ɂ́A��[�e�b�h �|�[�g�ւ�VLAN�̎w��A�Ԉ��VLAN ID�A��݂��Ȃ��܂��͓��i��[�e�b�h �|�[�g�́j��VLAN ID�A��邢�͉��VLAN ID�ւ̊��蓖�Ď��s�A�Ȃǂ��܂��B

802.1x��C�l�[�u��RADIUS�T�[�o��̂��ׂĂ̏�񂪗L��̏ꍇ�A�|�[�g�͔F�؂��w�肵��VLAN�ɔz�u��܂��B
802.1x�|�[�g�ŕ��z�X�g ��[�h��C�l�[�u��̏ꍇ�́A�S�Ẵz�X�g��ŏ��ɔF�؂��ꂽ�z�X�g�Ɠ��VLAN�iRADIUS�T�[�o�ɂ��Ďw�肳�ꂽ�j�ɔz�u��܂��B
802.1x�ƃ|�[�g �Z�L��e�B��|�[�g��ŃC�l�[�u��̏ꍇ�́A��̃|�[�g��RADIUS�T�[�o�ɂ��Ċ��蓖�Ă�ꂽVLAN�ɔz�u��܂��B
802.1x��|�[�g�Ńf�B�Z�[�u��̏ꍇ�́A�ݒ�ς݂̃A�N�Z�X VLAN�ɖ߂�܂��B

�|�[�g��iforce authorized�j�A��iforce unauthorized�j�A��A�V��b�g�_�E��̂��ꂩ�̃X�e�[�g�̏ꍇ�A��̃|�[�g�͐ݒ�ς݂̃A�N�Z�XVLAN�ɔz�u��܂��B

802.1X�|�[�g��F�؂��ARADIUS�T�[�o�ɂ��Ċ��蓖�Ă�ꂽVLAN�ɔz�u��ꂽ�ꍇ�A�|�[�g�̃A�N�Z�XVLAN�ݒ�ւ̕ύX�͔��f��܂��B

VLAN��蓖�ċ@�\�t��802.1x�́A�g��N �|�[�g�A�_�C�i�~�b�N �|�[�g�A�܂��VLAN Membership Policy Server�iVMPS�j��g�p��_�C�i�~�b�N �A�N�Z�X �|�[�g��蓖�Ăł̓T�|�[�g��Ă��܂��B

VLAN��蓖�Ă�ݒ肷��ɂ́A��̍�Ƃ��s��K�v��܂��B

network �L�[��[�h��g�p��AAA��C�l�[�u��ɂ��ARADIUS�T�[�o��̃C��^�[�t�F�C�X�ݒ��\�ɂ��܂��B
802.1x��C�l�[�u��ɂ��܂��iVLAN��蓖�ċ@�\�́A�A�N�Z�X �|�[�g��802.1x��ݒ肳��Ǝ��I�ɃC�l�[�u��ɂȂ�܂��j�B
RADIUS�T�[�o�Ƀx��_�[�ŗL�̃g��l�� A�g��r��[�g��蓖�Ă܂��BRADIUS�T�[�o�͎��̃A�g��r��[�g��X�C�b�`�ɖ߂��Ȃ��΂Ȃ�܂��B
[64] �g��l�� ^�C�v = VLAN
[65] �g��l�� f�B�A �^�C�v = 802
[81] �g��l�� v��C�x�[�g �O��[�vID = VLAN��܂��VLAN ID

�A�g��r��[�g[64]�́A�l VLAN �itype 13�j�łȂ��΂Ȃ�܂��B�A�g��r��[�g�m65�n�́A�l 802 �itype 6�j�łȂ��΂Ȃ�܂��B�A�g��r��[�g�m81�n�ɂ́A802.1x�F�؃��[�U�Ɋ��蓖�Ă�ꂽ VLAN�� �܂�� VLAN ID ��w�肵�܂��B

�g��l�� A�g��r��[�g�̗�ɂ��ẮA �x��_�[�ŗL��RADIUS�A�g��r��[�g�p�ɃX�C�b�`��ݒ肷��@ ��Q�Ƃ��Ă��B

802.1x�ƃQ�X�gVLAN�̎g�p��@

�X�C�b�`��̊e802.1x�|�[�g�ɃQ�X�gVLAN��ݒ肵�A�N��C�A��g�ւ̃T�[�r�X��ł��܂��i��Ƃ��΁A802.1x�N��C�A��g�̃_�E��[�h��@�j�B��̃N��C�A��g��802.1x�F�ؑΉ��̃V�X�e��ɃA�b�v�O��[�h��Ă��ꍇ��΁AWindows 98�V�X�e��Ȃǂ̈ꕔ�̃z�X�g��802.1x�ɑΉ��Ă��Ȃ��ꍇ��܂��B

�F�؃T�[�o��EAPOL�v��/�A�C�f��e�B�e�B �t��[��ւ̉��M��Ȃ��ꍇ�A802.1x��Ή��̃N��C�A��g�̓|�[�g�̃Q�X�gVLAN�i�ݒ肳��Ă��ꍇ�j�ɔz�u��܂��B��A�T�[�o�́A�l�b�g��[�N�ւ̔F�؃A�N�Z�X�Ɏ��s��802.1x�Ή��̃N��C�A��g�͋��܂��B�X�C�b�` �|�[�g��Q�X�gVLAN�Ɉړ��ꂽ�ꍇ�ɂ́A��Ƀz�X�g�ɃA�N�Z�X��܂��B802.1x�Ή��̃z�X�g��A�Q�X�gVLAN��ݒ肳��Ă��|�[�g�Ɠ��|�[�g�Ɍ��ƁA��̃|�[�g�̓��[�U�ݒ�ς݂̃A�N�Z�XVLAN��Ŗ��X�e�[�g�Ɉڍs��A�F�؂��蒼��܂��B

�Q�X�gVLAN�́A�P��z�X�g�܂��͕��z�X�g ��[�h��802.1x�|�[�g�ŃT�|�[�g��Ă��܂��B

RSPAN VLAN�܂��͉��VLAN��A�C�ӂ̃A�N�e�B�uVLAN��802.1x�Q�X�gVLAN�Ƃ��Đݒ�ł��܂��B�Q�X�gVLAN�@�\�́A��VLAN�i��[�e�b�h �|�[�g�j�܂��̓g��N �|�[�g�ł̓T�|�[�g��Ă��܂��B�A�N�Z�X �|�[�g��ł̂݃T�|�[�g��܂��B

�ڍׂɂ��ẮA �Q�X�gVLAN�̐ݒ� ��Q�Ƃ��Ă��B

802.1x�ƃ��[�U�P��ACL�̎g�p��@

��[�U�P�ʂ�Access Control List�iACL;�A�N�Z�X��䃊�X�g�j��C�l�[�u��ɂ��āA802.1x�F�؃��[�U��قȂ郌�x��̃l�b�g��[�N �A�N�Z�X��T�[�r�X��g��悤�ɂł��܂��BRADIUS�T�[�o�́A802.1x�|�[�g�ɐڑ��Ă��郆�[�U��F�؂��ƁA��[�UID�Ɋ�Â�ACL�A�g��r��[�g��A��X�C�b�`�֑��M��܂��B�X�C�b�`�́A��[�U �Z�b�V��̊ԁA��̃A�g��r��[�g��802.1x�|�[�g�ɓK�p��܂��B�X�C�b�`�́A�Z�b�V��̏I��A�F�؂��s��ꍇ�A�܂��̓��N�_�E��Ԃ̔��ɁA��[�U�P�ʂ�ACL�ݒ��폜��܂��B�X�C�b�`�́ARADIUS�ŗL��ACL��s�R��t�B�M��[�V��ɂ͕ۑ��܂��B�|�[�g��̏ꍇ�A�X�C�b�`�͂��̃|�[�g��ACL��폜��܂��B

��Catalyst 3750�X�C�b�`��ŁAACL�̐ݒ肨��у|�[�gACL�̓�͂��s��Ƃ��ł��܂��B��A�|�[�gACL�̓��[�^ACL��D�悳��܂��B��͍ς݂̃|�[�gACL��VLAN�ɑ��C��^�[�t�F�C�X�ɓK�p��ꍇ�A�|�[�gACL��VLAN�C��^�[�t�F�C�X�ɓK�p��͍ς݂̃��[�^ACL��D�悳��܂��B�|�[�gACL��K�p��ꂽ�|�[�g��Ŏ�M��M�p�P�b�g�́A�|�[�gACL�ɂ��ăt�B��^��O��܂��B��̑��̃|�[�g�ɒ��M��[�e�b�h �p�P�b�g�́A��[�^ACL�ɂ��ăt�B��^��O��܂��B��M��郋�[�e�b�h �p�P�b�g�́A��[�^ACL�ɂ��ăt�B��^��O��܂��B�ݒ�̖��ɂ́ARADIUS�T�[�o�ɕۑ��郆�[�U �v��t�@�C��T�d�Ɍv�悵�Ȃ��΂Ȃ�܂��B

RADIUS�́AVendor Specific Attribute�iVSA�j�Ȃǂ̃��[�U�P�ʃA�g��r��[�g��T�|�[�g��܂��B��VSA�́A�I�N�e�b�g �X�g��O�`��ŁA�F�؃v��Z�X��ɃX�C�b�`�ɓn��܂��B��[�U�P��ACL�Ɏg�p��VSA�́A��͕��ł� inacl#<n> �ŁA�o�͕��ł� outacl#<n> �ł��BMAC ACL�́A��͕��ł̂݃T�|�[�g��܂��BCatalyst 3750�X�C�b�`�́A��͕��ł̂�VSA��T�|�[�g��܂��B��C��2�C��^�[�t�F�C�X�̏o�͕��ł̓|�[�gACL��T�|�[�g��܂��B�ڍׂɂ��ẮA ACL�ɂ��l�b�g��[�N �Z�L��e�B�̐ݒ� ��Q�Ƃ��Ă��B

�g��ACL�\��`��݂̂��g�p��āARADIUS�T�[�o�ɕۑ��郆�[�U�P�ʂ̐ݒ��`��܂��BRADIUS�T�[�o��`��n��ꍇ�A�g��K��g�p��č쐬��܂��B��A�t�B��^ ID�A�g��r��[�g��g�p��ꍇ�A�W��ACL��Ƃ��ł��܂��B

�t�B��^ID�A�g��r��[�g��g�p��āA��łɃX�C�b�`�ɐݒ肳��Ă��钅�M�܂��͔��MACL��w��ł��܂��B�A�g��r��[�g�ɂ́AACL�ԍ��ƁA��̌�ɓ�̓t�B��^��O��o�̓t�B��^��O�� .in �܂�� .out ��܂܂�Ă��܂��BRADIUS�T�[�o�� .in �܂�� .out �\��Ȃ��ꍇ�A�A�N�Z�X ��X�g�̓f�t�H��g�Ŕ��MACL�ɓK�p��܂��B�X�C�b�`��ł�Cisco IOS�A�N�Z�X ��X�g�̃T�|�[�g�͌��肳��Ă��邽�߁A�t�B��^ID�A�g��r��[�g�͔ԍ��1�`199��1300�`2699�܂ł�IP ACL�iIP�W��ACL��IP�g��ACL�j�ł̂݃T�|�[�g��Ă��܂��B

1�|�[�g��T�|�[�g��802.1x�F�؃��[�U��1��[�U�݂̂ł��B��z�X�g ��[�h��|�[�g�ŃC�l�[�u��̏ꍇ�A��[�U�P��ACL�A�g��r��[�g�͊֘A�|�[�g�Ńf�B�Z�[�u��ł��B

��[�U�P��ACL�̍ő�T�C�Y�́A4000 ASCII��ł��B

�x��_�[�ŗL�̃A�g��r��[�g�̗�ɂ��ẮA �x��_�[�ŗL��RADIUS�A�g��r��[�g�p�ɃX�C�b�`��ݒ肷��@ ��Q�Ƃ��Ă��BACL�̐ݒ�̏ڍׂɂ��ẮA ACL�ɂ��l�b�g��[�N �Z�L��e�B�̐ݒ� ��Q�Ƃ��Ă��B

��[�U�P��ACL��ݒ肷��ɂ́A�ȉ��s��K�v��܂��B

AAA�F�؂��C�l�[�u��ɂ��܂��B
network �L�[��[�h��g�p��AAA��C�l�[�u��ɂ��ARADIUS�T�[�o��̃C��^�[�t�F�C�X�ݒ��\�ɂ��܂��B
802.1x��C�l�[�u��ɂ��܂��B
RADIUS�T�[�o�Ƀ��[�U �v��t�@�C��VSA��ݒ肵�܂��B
802.1x�|�[�g��P��z�X�g ��[�h�ɐݒ肵�܂��B

802.1x�ƃX�C�b�` �X�^�b�N

�X�C�b�`��X�C�b�` �X�^�b�N�Œǉ��܂��͍폜��Ă��ARADIUS�T�[�o�ƃX�^�b�N�Ԃ�IP�ڑ��̂܂܎c��Ă��́A802.1x�F�؂ɂ͉e��͂��܂��B��̂��Ƃ́A�X�^�b�N �}�X�^�[��X�C�b�` �X�^�b�N��폜��ꂽ�ꍇ�ɂ��Ă͂܂�܂��B�X�^�b�N �}�X�^�[�ɏ�Q��ƁA�X�^�b�N ��o�[�� X�C�b�` �X�^�b�N�̊Ǘ� �ɋL�ڂ��ꂽ�I��v��Z�X��g�p��ĐV��ȃX�^�b�N �}�X�^�[�ƂȂ�A802.1x�F�؃v��Z�X��ʏ�ǂ��p��_�ɒ��ӂ��Ă��B

RADIUS�T�[�o�ւ�IP�ڑ��A�T�[�o�ɐڑ��Ă��X�C�b�`��폜��ꂽ�A�܂��͂��̃X�C�b�`�ɏ�Q��Ƃ��R�Őؒf��ꂽ�ꍇ�ɂ́A��̃C�x��g��܂��B

��ɔF�؍ς݂Œ��I�ȍĔF�؂��C�l�[�u��Ă��Ȃ��|�[�g�́A�F�؃X�e�[�g�̂܂܂ł��BRADIUS�T�[�o�Ƃ̂��͕K�v��܂��B
��ɔF�؍ς݂ŁA��I�ȍĔF�؂��C�l�[�u��Ă��|�[�g�́i dot1x re-authentication �O��[�o�� R��t�B�M��[�V�� R�}��h��g�p��āj �A�ĔF�؎��ɔF�؃v��Z�X�Ɏ��s��܂��B�|�[�g�́A�ĔF�؃v��Z�X�Ŕ�F�؃X�e�[�g�ɖ߂�܂��BRADIUS�T�[�o�Ƃ̂��肪�K�v�ƂȂ�܂��B

�i�s��̔F�؂́A�T�[�o�ڑ��Ȃ��ߑ��Ɏ��s��܂��B

��Q��X�C�b�`��ĂуA�b�v��A�X�C�b�` �X�^�b�N�ɎQ��ꍇ�́A�N��ԂƁA�F�؂��s��܂ł�RADIUS�T�[�o�ւ̐ڑ��Ċm��ꂽ��ǂ��ɂ��āA�F�؂͎��s��邱�Ƃ��΂��Ȃ��Ƃ��܂��B

RADIUS�T�[�o�ւ̐ڑ��̐ؒf��ɂ́A�璷�ڑ��m��Ă��K�v��܂��B��Ƃ��΁A�X�^�b�N �}�X�^�[�ւ̏璷�ڑ��ƃX�^�b�N ��o�[�ւ̕ʂ̏璷�ڑ��m��Ă��΁A�X�^�b�N �}�X�^�[�ɏ�Q��Ă��A�X�C�b�` �X�^�b�N��RADIUS�T�[�o�ւ̐ڑ��ێ��ł��܂��B

802.1x�F�؂̐ݒ�

��ł́A�X�C�b�`��802.1x�|�[�g�x�[�X�̔F�؂�ݒ肷��菇��܂��B

802.1x�̃f�t�H��g�ݒ�
802.1x�ݒ莞�̒��ӎ��
��\�t�g�E�F�A ��[�X��̃A�b�v�O��[�h
802.1x�F�؂̐ݒ� �i�K�{�j
�X�C�b�`��RADIUS�T�[�o�ԒʐM��ݒ肷��@ �i�K�{�j
��I�ȍĔF�؂̐ݒ� �i�C�Ӂj
�蓮�ɂ��|�[�g�ڑ��N��C�A��g�̍ĔF�� i�C�Ӂj
�ҋ@��Ԃ̕ύX �i�C�Ӂj
�X�C�b�`�ƃN��C�A��g�Ԃ̍đ��M��Ԃ̕ύX �i�C�Ӂj
�X�C�b�`�ƃN��C�A��g�Ԃ̃t��[��đ��M�񐔂̐ݒ� �i�C�Ӂj
�z�X�g ��[�h�̐ݒ� �i�C�Ӂj
�Q�X�gVLAN�̐ݒ� �i�C�Ӂj
802.1x�ݒ��f�t�H��g�l�Ƀ��Z�b�g��@ �i�C�Ӂj

802.1x�̃f�t�H��g�ݒ�

802.1x�̃f�t�H��g�ݒ� �ɁA802.1x�̃f�t�H��g�ݒ��܂��B

802.1x�̃f�t�H��g�ݒ�
�@�\	�f�t�H��g�ݒ�
Authentication, Authorization, and Accounting�iAAA;�F�؁A��A�A�J�E��e�B��O�j	�f�B�Z�[�u��
RADIUS�T�[�o IP�A�h��X UDP�F�؃\|�[�g ��	�w��Ȃ� 1812 �w��Ȃ�
�X�C�b�`��802.1x�C�l�[�u�� X�e�[�g	�f�B�Z�[�u��
�C��^�[�t�F�C�X�P�ʂ�802.1x�C�l�[�u�� X�e�[�g	�f�B�Z�[�u��iforce-authorized�j �\|�[�g�́A�N��C�A��g��802.1x�x�[�X�̔F�؂Ȃ��Œʏ�̃g��t�B�b�N�𑗎�M��܂��B
��I�ĔF��	�f�B�Z�[�u��
�ĔF�؎��s�Ԋu	3600�b
�ҋ@��	60�b�i�N��C�A��g�Ƃ̔F�،��s��ƁA�X�C�b�`��ҋ@�X�e�[�g�ɂƂǂ܂�b��j
�đ��M��	30�b�i�X�C�b�`��A�N��C�A��g��EAP�v��/�A�C�f��e�B�e�B �t��[��ɑ΂��鉞��҂��A�v��đ��M��܂ł̕b��j
�ő�đ��M��	2��i�X�C�b�`��A�F�؃v��Z�X��ĊJ��܂ł�EAP�v��/�A�C�f��e�B�e�B �t��[��𑗐M��񐔁j
�z�X�g ��[�h	�P��z�X�g ��[�h
�Q�X�gVLAN	�w��Ȃ�
�N��C�A��g�̃^�C��A�E�g��	30�b �i�F�؃T�[�o��̗v��N��C�A��g�Ƀ��[��Ƃ��A�X�C�b�`��҂��A�N��C�A��g�ɗv��đ��M��܂ł̎��ԁj
�F�؃T�[�o�̃^�C��A�E�g��	30�b�i�N��C�A��g�̉��F�؃T�[�o�Ƀ��[��Ƃ��A�X�C�b�`��҂��A�T�[�o�ɉ��𑗐M��܂ł̎��ԁB ��̒l�͐ݒ�ύX�s�\�j

802.1x�ݒ莞�̒��ӎ��

802.1x�F�؂̐ݒ莞�̒��ӎ��͎��̂Ƃ��ł��B

802.1x��C�l�[�u��ɐݒ肳��Ă��ƁA��̃��C��2�܂��̓��C��3�@�\��C�l�[�u��ɂȂ�O�ɁA�|�[�g�͔F�؂��܂��B
802.1x�v��g�R��̓��C��2�X�^�e�B�b�N�A�N�Z�X �|�[�g�A��VLAN�|�[�g�A��C��3��[�e�b�h �|�[�g�ŃT�|�[�g��Ă��܂��A��̃|�[�g �^�C�v�ł̓T�|�[�g��Ă��܂��B
�g��N �|�[�g�\�g��N �|�[�g��802.1x��C�l�[�u��ɂ��悤�Ƃ��ƁA�G��[ ��b�Z�[�W��\��A802.1x�̓C�l�[�u��ɂȂ�܂��B802.1x�Ή��|�[�g�̃��[�h��g��N�ɕύX��悤�Ƃ��Ă��A�G��[ ��b�Z�[�W��\��A�|�[�g ��[�h�͕ύX��܂��B
�_�C�i�~�b�N �|�[�g�\�_�C�i�~�b�N ��[�h�̃|�[�g�́A�ߐڃ|�[�g�ƃl�S�V�G�[�V��ăg��N �|�[�g�ɂȂ�\��܂��B�_�C�i�~�b�N �|�[�g��802.1x��C�l�[�u��ɂ��悤�Ƃ��ƁA�G��[ ��b�Z�[�W��\��A802.1x�̓C�l�[�u��ɂȂ�܂��B802.1x�Ή��|�[�g�̃��[�h��_�C�i�~�b�N�ɕύX��悤�Ƃ��Ă��A�G��[ ��b�Z�[�W��\��A�|�[�g ��[�h�͕ύX��܂��B
�_�C�i�~�b�N �A�N�Z�X �|�[�g�\�_�C�i�~�b�N �A�N�Z�X�iVLAN Query Protocol [VQP]�j�|�[�g��802.1x��C�l�[�u��ɂ��悤�Ƃ��ƁA�G��[ ��b�Z�[�W��\��A802.1x�̓C�l�[�u��ɂȂ�܂��B802.1x�Ή��|�[�g��_�C�i�~�b�NVLAN��蓖�ĂɕύX��悤�Ƃ��ƁA�G��[ ��b�Z�[�W��\��AVLAN�ݒ�͕ύX��܂��B
EtherChannel�|�[�g�\EtherChannel�̃A�N�e�B�u ��o�[�ł��|�[�g��802.1x�|�[�g�Ƃ��Đݒ肵�Ȃ��ł��BEtherChannel�̂܂��A�N�e�B�u�ɂȂ��Ă��Ȃ��|�[�g��802.1x��C�l�[�u��ɂ��Ă��A�|�[�g��EtherChannel�ɉ��܂��B
Switched Port Analyzer�iSPAN;�X�C�b�`�h �|�[�g �A�i��C�U�j��Remote SPAN�iRSPAN;��[�gSPAN�j��|�[�g�\SPAN�܂��RSPAN��|�[�g�ł��|�[�g��802.1x��C�l�[�u��ɂł��܂��B��ASPAN�܂��RSPAN��|�[�g�Ƃ��č폜��܂ł́A802.1x�̓f�B�Z�[�u��ɂȂ�܂��BSPAN�܂��RSPAN��M��|�[�g�ł́A802.1x��C�l�[�u��ɂł��܂��B
RSPAN VLAN�܂��͉��VLAN��A�C�ӂ�VLAN��802.1x�Q�X�gVLAN�Ƃ��Đݒ�ł��܂��B�Q�X�gVLAN�@�\�́A��VLAN�i��[�e�b�h �|�[�g�j�܂��̓g��N �|�[�g�ł̓T�|�[�g��Ă��܂��B�A�N�Z�X �|�[�g��ł̂݃T�|�[�g��܂��B
802.1x��|�[�g�ŃC�l�[�u��ɂ��ƁA��VLAN�Ɠ��悤�Ƀ|�[�gVLAN��ݒ�ł��܂��B
VLAN��蓖�ċ@�\�t��802.1x�́A�g��N �|�[�g�A�_�C�i�~�b�N �|�[�g�A�܂��VMPS��g�p��_�C�i�~�b�N �A�N�Z�X �|�[�g��蓖�Ăł̓T�|�[�g��Ă��܂��B

��\�t�g�E�F�A ��[�X��̃A�b�v�O��[�h

Cisco IOS Release 12.1(14)EA1�ł́A802.1x�̎��͂��ȑO�̃��[�X�Ƃ͈قȂ��Ă��܂��B�ꕔ�̃O��[�o�� R��t�B�M��[�V�� R�}��h��C��^�[�t�F�C�X �R��t�B�M��[�V�� R�}��h�ƂȂ�A�V��ȃR�}��h��ǉ��܂��B

802.1x��ݒ�ς݂̃X�C�b�`��Cisco IOS Release 12.1(14)EA1�ȏ�փA�b�v�O��[�h��ꍇ�́A�R��t�B�M��[�V�� t�@�C��ɐV�K�R�}��h��܂܂�Ȃ��߁A802.1x�͓��삵�܂��B�A�b�v�O��[�h��ɁA dot1x system-auth-control �O��[�o��R��t�B�M��[�V�� R�}��h��g�p��ăO��[�o��802.1x��C�l�[�u��K�v��܂��B802.1x��ȑO�̃��[�X�̃C��^�[�t�F�C�X��ŕ��z�X�g ��[�h�ŉғ��Ă��ꍇ�́A�K��A dot1x host-mode multi-host �C��^�[�t�F�C�X �R��t�B�M��[�V�� R�}��h��g�p��Ă��Đݒ肵�Ă��B

802.1x�F�؂̐ݒ�

802.1x�|�[�g�x�[�X�̔F�؂��C�l�[�u��ɂ��ɂ́AAAA��C�l�[�u��ɂ��ĔF�ؕ��X�g��w�肷��K�v��܂��B��X�g�́A��[�U�F�؂̂��߃N�G��M��s��菇�ƔF�ؕ��L�q��̂ł��B

�\�t�g�E�F�A�́A1�ԖڂɃ��X�g��ꂽ��g�p��āA��[�U��F�؂��܂��B��̕��Ɏ��s��ƁA�\�t�g�E�F�A�͕��X�g�̎��̔F�ؕ��I��܂��B��̃v��Z�X�́A��X�g��̔F�ؕ�ɂ��ʐM��邩�A��`��ꂽ��ׂĎ��܂ő��܂��B��̃T�C�N��̂��ꂩ�̒n�_�ŔF�؂��s��ƁA�F�؃v��Z�X�͒�~��A��̔F�ؕ��s��邱�Ƃ͂��܂��B

��[�U�P��ACL�܂��VLAN��蓖�Ă��\�ɂ��ɂ́AAAA��C�l�[�u��ɂ��ăl�b�g��[�N�֘A�̂��ׂẴT�[�r�X�v��ɑ΂��ăX�C�b�`��ݒ肷��K�v��܂��B

802.1x�|�[�g�x�[�X�̔F�؂�ݒ肷��ɂ́A�C�l�[�u��EXEC��[�h�Ŏ��̎菇��s��܂��B��̎菇�͕K�{�ł��B

	�R�}��h	��
	configure terminal	�O��[�o�� R��t�B�M��[�V�� [�h��J�n��܂��B
	aaa new-model	AAA��C�l�[�u��ɂ��܂��B
	aaa authentication dot1x { default } method1 [ method2 ...]	802.1x�F�ؕ��X�g��쐬��܂��B authentication �R�}��h�ɖ��O�t��X�g�� �w�肳��Ȃ� �ꍇ�Ɏg�p��f�t�H��g�̃��X�g��쐬��ɂ́A default �L�[��[�h�̌��Ƀf�t�H��g�̏󋵂Ŏg�p��w�肵�܂��B�f�t�H��g�̕��X�g�́A��I�ɂ��ׂẴC��^�[�t�F�C�X�ɓK�p��܂��B ��̃L�[��[�h��Œ�1��͂��܂��B group radius �\�F�؂ɂ��ׂĂ�RADIUS�T�[�o�̃��X�g��g�p��܂��B none �\�F�؂��g�p��܂��B�X�C�b�`�́A�N��C�A��g��񋟂��g�p��ɁA�N��C�A��g��I�ɔF�؂��܂��B
	dot1x system-auth-control	�X�C�b�`��802.1x�F�؂��O��[�o��ɃC�l�[�u��ɂ��܂��B
	aaa authorization network { default } group radius	�i�C�Ӂj��[�U�P��ACL��VLAN��蓖�ĂȂǁA�l�b�g��[�N�֘A�̂��ׂẴT�[�r�X�v��ɑ΂��郆�[�URADIUS��X�C�b�`�ɐݒ肵�܂��B ��[�U�P��ACL�̏ꍇ�́A�P��z�X�g ��[�h��ݒ肷��K�v��܂��B��̓f�t�H��g�ݒ�ł��B
	interface interface-id	�C��^�[�t�F�C�X �R��t�B�M��[�V�� [�h��J�n��A�N��C�A��g�ɐڑ��ꂽ�C��^�[�t�F�C�X�̒��ŁA802.1x�F�؂��C�l�[�u��ɂ��̂��w�肵�܂��B
	dot1x port-control auto	�C��^�[�t�F�C�X��802.1x�F�؂��C�l�[�u��ɂ��܂��B �@�\�̑��ݍ�p�̏ڍׂɂ��ẮA 802.1x�ݒ莞�̒��ӎ�� Q�Ƃ��Ă��B
	end	�C�l�[�u��EXEC��[�h�ɖ߂�܂��B
	show dot1x	�ݒ��m�F��܂��B
	copy running-config startup-config	�i�C�Ӂj�R��t�B�M��[�V�� t�@�C��ɐݒ��ۑ��܂��B

AAA��f�B�Z�[�u��ɂ��ɂ́A no aaa new-model �O��[�o�� R��t�B�M��[�V�� R�}��h��g�p��܂��B802.1x AAA�F�؂��f�B�Z�[�u��ɂ��ɂ́A no aaa authentication dot1x { default | list-name } �O��[�o�� R��t�B�M��[�V�� R�}��h��g�p��܂��B802.1x AAA��f�B�Z�[�u��ɂ��ɂ́A no aaa authorization �O��[�o�� R��t�B�M��[�V�� R�}��h��g�p��܂��B�X�C�b�`��802.1x�F�؂��f�B�Z�[�u��ɂ��ɂ́A no dot1x system-auth-control �O��[�o�� R��t�B�M��[�V�� R�}��h��g�p��܂��B

��̗�́A�X�^�b�N ��o�[2�̃|�[�gFast Ethernet 0/1��AAA��802.1x��C�l�[�u��ɂ��@��Ă��܂��B

Switch# configure terminal

Switch(config)# aaa new-model

Switch(config)# aaa authentication dot1x default group radius

Switch(config)# dot1x system-auth-control

Switch(config)# interface fastethernet2/0/1

Switch(config)# switchport mode access

Switch(config-if)# dot1x port-control auto

Switch(config-if)# end

�X�C�b�`��RADIUS�T�[�o�ԒʐM��ݒ肷��@

RADIUS�Z�L��e�B �T�[�o�́A�z�X�g��܂��IP�A�h��X�A�z�X�g��Ɠ��UDP�|�[�g�ԍ��A��邢��IP�A�h��X�Ɠ��UDP�|�[�g�ԍ��Ŏ��ʂ��܂��BIP�A�h��X��UDP�|�[�g�ԍ��̑g�ݍ��킹�ɂ��A��ӂ̎��ʎq��쐬��A��ɂ��A�T�[�o��̓��IP�A�h��X�̕��UDP�|�[�g��RADIUS�v��𑗐M�ł��܂��B��RADIUS�T�[�o��2�̈قȂ�z�X�g �G��g��T�[�r�X�i��Ƃ��΁A�F�؁j��ݒ肵�Ă��ꍇ�A��Ƃ��ݒ肳�ꂽ�z�X�g �G��g��́A�ŏ��̃G��g��̃t�F�[�� I�[�o�[ �o�b�N�A�b�v�Ƃ��ċ@�\��܂��BRADIUS�̃z�X�g �G��g��́A�ݒ肳�ꂽ��Ŏ��܂��B

�X�C�b�`��RADIUS�T�[�o �p��[�^��ݒ肷��ɂ́A�C�l�[�u��EXEC��[�h�Ŏ��̎菇��s��܂��B��̎菇�͕K�{�ł��B

	�R�}��h	��
	configure terminal	�O��[�o�� R��t�B�M��[�V�� [�h��J�n��܂��B
	radius-server host { hostname \| ip-address } auth-port port-number key string	RADIUS�T�[�o �p��[�^��ݒ肵�܂��B hostname \| ip-address �ɂ́A��[�gRADIUS�T�[�o�̃z�X�g��܂��IP�A�h��X��w�肵�܂��B auth-port port-number �ɂ́A�F�ؗv��UDP��\|�[�g��w�肵�܂��B�f�t�H��g��1812�ŁA�w��ł��͈͂�0�`65536�ł��B key string �ɂ́A�X�C�b�`��RADIUS�T�[�o��ŉғ��RADIUS�f�[��Ƃ̊ԂŎg�p��F�؂��шÍ��w�肵�܂��B��́ARADIUS�T�[�o��Ŏg�p��Í��ƈ�v��K�v�̂��镶��ł��B ��s�X�y�[�X�͖��܂��A��̓r��і��̃X�y�[�X�͎g�p��邽�߁A��͕K�� radius-server host �R�}��h�\��̍Ō�̍��ڂƂ��Đݒ肵�Ă��B��ɃX�y�[�X��g�p��ꍇ�́A��̈ꕔ�Ƃ��Ĉ�p��g�p��ꍇ��āA��p��ň͂܂Ȃ��ł��B��̌��́ARADIUS�f�[��Ŏg�p��Í��ƈ�v��K�v��܂��B RADIUS�T�[�o�𕡐��g�p��ꍇ�́A��̃R�}��h��J��Ԃ��͂��Ă��B
	end	�C�l�[�u��EXEC��[�h�ɖ߂�܂��B
	show running-config	�ݒ��m�F��܂��B
	copy running-config startup-config	�i�C�Ӂj�R��t�B�M��[�V�� t�@�C��ɐݒ��ۑ��܂��B

��RADIUS�T�[�o��폜��ɂ́A no radius-server host { hostname | ip-address } �O��[�o�� R��t�B�M��[�V�� R�}��h��g�p��܂��B

��̗�́AIP�A�h��X��172.20.39.46�̃T�[�o��RADIUS�T�[�o�Ƃ��Ďw�肵�A�|�[�g1612��|�[�g�Ƃ��Ďg�p��A�Í��RADIUS�T�[�o��̌�� rad123 �ɐݒ肵�܂��B

Switch(config)# radius-server host 172.l20.39.46 auth-port 1612 key rad123

radius-server host �O��[�o�� R��t�B�M��[�V�� R�}��h��g�p��ƁA��ׂĂ�RADIUS�T�[�o�ɑ΂��ă^�C��A�E�g�A�đ��M�A��шÍ��̒l��O��[�o��ɐݒ�ł��܂��B�T�[�o�P�ʂł��̃I�v�V��ݒ肷��ꍇ�́A radius-server timeout �A radius-server retransmit �A�� radius-server key �O��[�o�� R��t�B�M��[�V�� R�}��h��g�p��܂��B�ڍׂɂ��ẮA ��ׂĂ�RADIUS�T�[�o�ɑ΂��ݒ� ��Q�Ƃ��Ă��B

��ɁARADIUS�T�[�o�ł��̐ݒ��s��K�v��܂��B��̐ݒ�Ƃ́A�X�C�b�`��IP�A�h��X�A��уT�[�o�ƃX�C�b�`�ŋ��p��L�[ �X�g��O�ł��B�ڍׂɂ��ẮARADIUS�T�[�o�̃}�j��A��Q�Ƃ��Ă��B

��I�ȍĔF�؂̐ݒ�

802.1x�N��C�A��g�̒��I�ȍĔF�؂��C�l�[�u��ɂ��āA��̔��Ԋu��w��ł��܂��B�ĔF�؂̊Ԋu��w�肵�Ȃ��ꍇ�́A�ĔF�؂�3600�b��Ƃɍs��܂��B

�N��C�A��g�̒��I�ȍĔF�؂��C�l�[�u��ɂ��āA�ĔF�؂��s��Ԋu�i�b��j��ݒ肷��ɂ́A�C�l�[�u��EXEC��[�h�Ŏ��̎菇��s��܂��B��̎菇�͔C�ӂł��B

	�R�}��h	��
	configure terminal	�O��[�o�� R��t�B�M��[�V�� [�h��J�n��܂��B
	interface interface-id	�C��^�[�t�F�C�X �R��t�B�M��[�V�� [�h��J�n��A�ݒ肷��C��^�[�t�F�C�X��w�肵�܂��B
	dot1x reauthentication	�f�t�H��g�ł̓f�B�Z�[�u��ɐݒ肳��Ă��I�ȍĔF�؂��C�l�[�u��ɂ��܂��B
	dot1x timeout reauth-period seconds	�ĔF�؂��s��Ԋu�i�b��j�ݒ肵�܂��B �w��ł��͈͂� 1 �` 65535 �b�ł��B�f�t�H��g��3600�b�ł��B ��̃R�}��h��X�C�b�`�̓��ɉe��̂́A��I�ȍĔF�؂��C�l�[�u��ɐݒ肳��Ă��ꍇ��ł��B
	end	�C�l�[�u��EXEC��[�h�ɖ߂�܂��B
	show dot1x interface interface-id	�ݒ��m�F��܂��B
	copy running-config startup-config	�i�C�Ӂj�R��t�B�M��[�V�� t�@�C��ɐݒ��ۑ��܂��B

��I�ȍĔF�؂��f�B�Z�[�u��ɂ��ɂ́A no dot1x reauthentication �C��^�[�t�F�C�X �R��t�B�M��[�V�� R�}��h��g�p��܂��B�f�t�H��g�̍ĔF�؎��s�Ԋu�ɖ߂��ɂ́A no dot1x timeout reauth-period �C��^�[�t�F�C�X �R��t�B�M��[�V�� R�}��h��g�p��܂��B

��̗�ł́A��I�ĔF�؂��C�l�[�u��ɂ��A�ĔF�؂��s��Ԋu��4000�b�ɐݒ肵�܂��B

Switch(config-if)# dot1x reauthentication

Switch(config-if)# dot1x timeout reauth-period 4000

�蓮�ɂ��|�[�g�ڑ��N��C�A��g�̍ĔF��

dot1x re-authenticate interface interface-id �C�l�[�u��EXEC�R�}��h��g�p��ƁA��̃|�[�g�ɐڑ��Ă��N��C�A��g��蓮�ł��ł��ĔF�؂ł��܂��B��̎菇�͔C�ӂł��B��I�ȍĔF�؂��C�l�[�u��܂��̓f�B�Z�[�u��ɂ��ꍇ�́A ��I�ȍĔF�؂̐ݒ� ��Q�Ƃ��Ă��B

��̗�́A�X�^�b�N ��o�[2�̃|�[�gFast Ethernet 0/1�ɐڑ��N��C�A��g��蓮�ōĔF�؂��@��Ă��܂��B

Switch# dot1x re-authenticate interface fastethernet2/0/1

�ҋ@��Ԃ̕ύX

�X�C�b�`��N��C�A��g��F�؂ł��Ȃ��ꍇ�́A�X�C�b�`�͈�莞�ԃA�C�h��Ԃ𑱂��A��̌�Ď��s��܂��B�A�C�h��Ԃ́Aquiet-period�̒l�ɂ��Č��܂�܂��B�N��C�A��g��ȃp�X��[�h��񋟂��߁A�N��C�A��g�̔F�؎��s��N��\��܂��B�f�t�H��g��菬��l��͂��邱�ƂŁA��[�U�ɑ΂��鉞��Ԃ�Z�k�ł��܂��B

�ҋ@��Ԃ�ύX��ɂ́A�C�l�[�u��EXEC��[�h�Ŏ��̎菇��s��܂��B��̎菇�͔C�ӂł��B

	�R�}��h	��
	configure terminal	�O��[�o�� R��t�B�M��[�V�� [�h��J�n��܂��B
	interface interface-id	�C��^�[�t�F�C�X �R��t�B�M��[�V�� [�h��J�n��A�ݒ肷��C��^�[�t�F�C�X��w�肵�܂��B
	dot1x timeout quiet-period seconds	�N��C�A��g�Ƃ̔F�،��s��ƁA�X�C�b�`��ҋ@�X�e�[�g�ɂ��b��ݒ肵�܂��B �w��ł��͈͂�1�`65535�b�ŁA�f�t�H��g��60�b�ł��B
	end	�C�l�[�u��EXEC��[�h�ɖ߂�܂��B
	show dot1x interface interface-id	�ݒ��m�F��܂��B
	copy running-config startup-config	�i�C�Ӂj�R��t�B�M��[�V�� t�@�C��ɐݒ��ۑ��܂��B

�f�t�H��g�̑ҋ@��Ԃɖ߂��ɂ́A no dot1x timeout quiet-period �C��^�[�t�F�C�X �R��t�B�M��[�V�� R�}��h��g�p��܂��B

��̗�ł́A�X�C�b�`��̑ҋ@��Ԃ�30�b�ɐݒ肵�܂��B

Switch(config-if)# dot1x timeout quiet-period 30

�X�C�b�`�ƃN��C�A��g�Ԃ̍đ��M��Ԃ̕ύX

�N��C�A��g�́A�X�C�b�`��EAP�v��/�A�C�f��e�B�e�B �t��[��ɁAEAP��/�A�C�f��e�B�e�B �t��[��ŉ��܂��B�X�C�b�`�͂��̉��M��Ȃ��ꍇ�A��莞�ԁi�đ��M��ԁj�ҋ@��Ă��A�t��[��đ��M��܂��B

�X�C�b�`��N��C�A��g�̒ʒm��ҋ@��鎞�Ԃ�ύX��ɂ́A�C�l�[�u��EXEC��[�h�Ŏ��̎菇��s��܂��B��̎菇�͔C�ӂł��B

	�R�}��h	��
	configure terminal	�O��[�o�� R��t�B�M��[�V�� [�h��J�n��܂��B
	interface interface-id	�C��^�[�t�F�C�X �R��t�B�M��[�V�� [�h��J�n��A�ݒ肷��C��^�[�t�F�C�X��w�肵�܂��B
	dot1x timeout tx-period seconds	�X�C�b�`��N��C�A��g��EAP�v��/�A�C�f��e�B�e�B �t��[��ɑ΂��鉞��҂��A�v��đ��M��܂ł̕b��ݒ肵�܂��B �w��ł��͈͂�1�`65535�b�ŁA�f�t�H��g��30�b�ł��B
	end	�C�l�[�u��EXEC��[�h�ɖ߂�܂��B
	show dot1xinterface interface-id	�ݒ��m�F��܂��B
	copy running-config startup-config	�i�C�Ӂj�R��t�B�M��[�V�� t�@�C��ɐݒ��ۑ��܂��B

�f�t�H��g�̍đ��M��Ԃɖ߂��ɂ́A no dot1x timeout tx-period �C��^�[�t�F�C�X �R��t�B�M��[�V�� R�}��h��g�p��܂��B

��̗�ł́A�X�C�b�`��N��C�A��g��EAP�v��/�A�C�f��e�B�e�B �t��[��ɑ΂��鉞��҂��A�v��đ��M��܂ł̕b��60�b�ɐݒ肵�܂��B

Switch(config-if)# dot1x timeout tx-period 60

�X�C�b�`�ƃN��C�A��g�Ԃ̃t��[��đ��M�񐔂̐ݒ�

�X�C�b�`�ƃN��C�A��g�Ԃ̍đ��M��Ԃ̕ύX��łȂ��A�i��M��Ȃ��ꍇ�j�F�؃v��Z�X��ĊJ��܂łɁA�X�C�b�`��N��C�A��g��EAP�v��/�A�C�f��e�B�e�B �t��[��𑗐M��񐔂�ύX�ł��܂��B

�X�C�b�`�ƃN��C�A��g�Ԃ̃t��[��đ��M�񐔂�ݒ肷��ɂ́A�C�l�[�u��EXEC��[�h�Ŏ��̎菇��s��܂��B��̎菇�͔C�ӂł��B

	�R�}��h	��
	configure terminal	�O��[�o�� R��t�B�M��[�V�� [�h��J�n��܂��B
	interface interface-id	�C��^�[�t�F�C�X �R��t�B�M��[�V�� [�h��J�n��A�ݒ肷��C��^�[�t�F�C�X��w�肵�܂��B
	dot1x max-req count	�X�C�b�`��A�F�؃v��Z�X��ĊJ��܂ł�EAP�v��/�A�C�f��e�B�e�B �t��[��N��C�A��g�ɑ��M��񐔂�ݒ肵�܂��B�w��ł��͈͂�1�`10�ŁA�f�t�H��g��2�ł��B
	end	�C�l�[�u��EXEC��[�h�ɖ߂�܂��B
	show dot1x interface interface-id	�ݒ��m�F��܂��B
	copy running-config startup-config	�i�C�Ӂj�R��t�B�M��[�V�� t�@�C��ɐݒ��ۑ��܂��B

�f�t�H��g�̍đ��M�񐔂ɖ߂��ɂ́A no dot1x max-req �C��^�[�t�F�C�X �R��t�B�M��[�V�� R�}��h��g�p��܂��B

��̗�ł́A�F�؃v��Z�X��ĊJ��܂łɁA�X�C�b�`��EAP�v��/�A�C�f��e�B�e�B �t��[��𑗐M��񐔂�5�ɐݒ肵�܂��B

Switch(config-if)# dot1x max-req 5

�z�X�g ��[�h�̐ݒ�

��LAN�̗� �̂悤�ɁA��̃z�X�g��1��802.1x�Ή��|�[�g�ɐڑ��ł��܂��B��̃��[�h�ł́A�ڑ��z�X�g�̂��ꂩ1��΁A��ׂẴz�X�g��l�b�g��[�N �A�N�Z�X��܂��B�|�[�g��i�ĔF�؂��s��邩EAPOL��O�I�t ��b�Z�[�W��M��ꍇ�j�ɂȂ�ƁA�ڑ��ꂽ��ׂẴN��C�A��g�̃l�b�g��[�N �A�N�Z�X��ۂ��܂��B

��z�X�g ��[�h��C�l�[�u��̏ꍇ�A802.1x��|�[�g�̔F�؂Ɏg�p��A�N��C�A��g��܂ނ��ׂĂ�MAC�A�h��X�ւ̃l�b�g��[�N �A�N�Z�X��|�[�g �Z�L��e�B��Ǘ��܂��B

dot1x port-control �C��^�[�t�F�C�X �R��t�B�M��[�V�� R�}��h�� auto �ɐݒ肳��Ă��802.1x��|�[�g��ŁA��̃z�X�g�i�N��C�A��g�j��ɂ́A�C�l�[�u��EXEC��[�h�Ŏ��̎菇��s��܂��B��̎菇�͔C�ӂł��B

	�R�}��h	��
	configure terminal	�O��[�o�� R��t�B�M��[�V�� [�h��J�n��܂��B
	interface interface-id	�C��^�[�t�F�C�X �R��t�B�M��[�V�� [�h��J�n��A��̃z�X�g��ԐړI�ɐڑ��C��^�[�t�F�C�X��w�肵�܂��B
	dot1x host-mode multi-host	802.1x��\|�[�g��ŁA��̃z�X�g�i�N��C�A��g�j��܂��B �w�肳�ꂽ�C��^�[�t�F�C�X�ɂ�� �A dot1x port-control �C��^�[�t�F�C�X �R��t�B�M��[�V�� R�}��h�� auto �ɐݒ肳��Ă��邱�Ƃ��m�F��܂��B
	end	�C�l�[�u��EXEC��[�h�ɖ߂�܂��B
	show dot1x interface interface-id	�ݒ��m�F��܂��B
	copy running-config startup-config	�i�C�Ӂj�R��t�B�M��[�V�� t�@�C��ɐݒ��ۑ��܂��B

�|�[�g��̕��z�X�g��f�B�Z�[�u��ɂ��ɂ́Ano dot1x host-mode multi-host �C��^�[�t�F�C�X �R��t�B�M��[�V�� R�}��h��g�p��܂��B

��̗�́A�X�^�b�N ��o�[2�̃C��^�[�t�F�C�XFastEthernet 0/1��802.1x��C�l�[�u��ɂ��A��|�[�g��@��Ă��܂��B

Switch(config)# interface fastethernet2/0/1

Switch(config-if)# dot1x port-control auto

Switch(config-if)# dot1x host-mode multi-host

�Q�X�gVLAN�̐ݒ�

�Q�X�gVLAN��ݒ肷��ƁA�T�[�o��EAPOL�v��/�A�C�f��e�B�e�B �t��[��ւ̉��M��Ȃ��ꍇ�ɁA802.1x��Ή��̃N��C�A��g�̓Q�X�gVLAN�ɔz�u��܂��B802.1x�Ή��A�F�؂Ɏ��s��N��C�A��g�́A�l�b�g��[�N�ւ̃A�N�Z�X�͋��܂��B�X�C�b�`�́A�P��z�X�g ��[�h�܂��͕��z�X�g ��[�h�ŃQ�X�gVLAN��T�|�[�g��܂��B

�Q�X�gVLAN��ݒ肷��ɂ́A�C�l�[�u��EXEC��[�h�Ŏ��̎菇��s��܂��B��̎菇�͔C�ӂł��B

	�R�}��h	��
	configure terminal	�O��[�o�� R��t�B�M��[�V�� [�h��J�n��܂��B
	interface interface-id	�C��^�[�t�F�C�X �R��t�B�M��[�V�� [�h��J�n��A�ݒ肷��C��^�[�t�F�C�X��w�肵�܂��B�T�\|�[�g��Ă��C��^�[�t�F�C�X �^�C�v�ɂ��ẮA 802.1x�ݒ莞�̒��ӎ�� Q�Ƃ��Ă��B
	dot1x guest-vlan vlan-id	�A�N�e�B�uVLAN��802.1x�Q�X�gVLAN�Ƃ��Ďw�肵�܂��B�w��ł��͈͂�1�`4094�ł��B ��VLAN�i��[�e�b�h �\|�[�g�j�ARSPAN VLAN�A�܂��͉��VLAN��A�C�ӂ̃A�N�e�B�uVLAN��802.1x�Q�X�gVLAN�Ƃ��Đݒ�ł��܂��B
	end	�C�l�[�u��EXEC��[�h�ɖ߂�܂��B
	show dot1x interface interface-id	�ݒ��m�F��܂��B
	copy running-config startup-config	�i�C�Ӂj�R��t�B�M��[�V�� t�@�C��ɐݒ��ۑ��܂��B

�Q�X�gVLAN��f�B�Z�[�u��폜��ɂ́A no dot1x guest-vlan �C��^�[�t�F�C�X �R��t�B�M��[�V�� R�}��h��g�p��܂��B�|�[�g�́A��X�e�[�g�ɖ߂�܂��B

��̗�́A�X�^�b�N ��o�[2�̃C��^�[�t�F�C�XGigabitEthernet 0/2��VLAN 2��802.1x�Q�X�gVLAN�Ƃ��ăC�l�[�u��ɂ��@��Ă��܂��B

Switch(config)# interface gigabitethernet2/0/2

Switch(config-if)# dot1x guest-vlan 2

802.1x�ݒ��f�t�H��g�l�Ƀ��Z�b�g��@

802.1x�ݒ��f�t�H��g�l�Ƀ��Z�b�g��ɂ́A�C�l�[�u��EXEC��[�h�Ŏ��̎菇��s��܂��B��̎菇�͔C�ӂł��B

	�R�}��h	��
	configure terminal	�O��[�o�� R��t�B�M��[�V�� [�h��J�n��܂��B
	interface interface-id	�C��^�[�t�F�C�X �R��t�B�M��[�V�� [�h��J�n��A�ݒ肷��C��^�[�t�F�C�X��w�肵�܂��B
	dot1x default	�ݒ�ύX�\��802.1x�p��[�^��f�t�H��g�l�Ƀ��Z�b�g��܂��B
	end	�C�l�[�u��EXEC��[�h�ɖ߂�܂��B
	show dot1x interface interface-id	�ݒ��m�F��܂��B
	copy running-config startup-config	�i�C�Ӂj�R��t�B�M��[�V�� t�@�C��ɐݒ��ۑ��܂��B

802.1x��v��񂨂�уX�e�[�^�X�̕\��

��ׂẴC��^�[�t�F�C�X��802.1x��v��\��ɂ́A show dot1x all statistics �C�l�[�u��EXEC�R�}��h��g�p��܂��B��̃C��^�[�t�F�C�X��802.1x��v��\��ɂ́A show dot1x statistics interface interface-id �C�l�[�u��EXEC�R�}��h��g�p��܂��B

�X�C�b�`�ɂ��802.1x�Ǘ��ѓ��̃X�e�[�^�X��\��ɂ́A show dot1x all �C�l�[�u��EXEC�R�}��h��g�p��܂��B��̃C��^�[�t�F�C�X��802.1x�Ǘ��ѓ��̃X�e�[�^�X��\��ɂ́A show dot1x interface interface-id �C�l�[�u��EXEC�R�}��h��g�p��܂��B

�\��t�B�[��h�̏ڍׂɂ��ẮA��̃��[�X�̃R�}��h ��t�@��X��Q�Ƃ��Ă��B

802.1x�|�[�g�x�[�X�̔F�؂̐ݒ�

802.1x�|�[�g�x�[�X�̔F�؂̊T�v

�f�o�C�X�̖���

802.1x�f�o�C�X�̖���

�F�؂̊J�n�ƃ��b�Z�[�W����

���b�Z�[�W����

���X�e�[�g����і����X�e�[�g�̃|�[�g

�T�|�[�g�Ώۃg�|���W�[

����LAN�̗�

802.1x�ƃ|�[�g �Z�L�����e�B�̎g�p��@

802.1x�Ɖ���VLAN�|�[�g�̎g�p��@

802.1x��VLAN���蓖�Ă̎g�p��@

802.1x�ƃQ�X�gVLAN�̎g�p��@

802.1x�ƃ��[�U�P��ACL�̎g�p��@

802.1x�ƃX�C�b�` �X�^�b�N

802.1x�F�؂̐ݒ�

802.1x�̃f�t�H���g�ݒ�

802.1x�̃f�t�H���g�ݒ�

802.1x�ݒ莞�̒��ӎ���

���\�t�g�E�F�A �����[�X����̃A�b�v�O���[�h

802.1x�F�؂̐ݒ�

�X�C�b�`��RADIUS�T�[�o�ԒʐM��ݒ肷���@

���I�ȍĔF�؂̐ݒ�

�蓮�ɂ��|�[�g�ڑ��N���C�A���g�̍ĔF��

�ҋ@���Ԃ̕ύX

�X�C�b�`�ƃN���C�A���g�Ԃ̍đ��M���Ԃ̕ύX

�X�C�b�`�ƃN���C�A���g�Ԃ̃t���[���đ��M�񐔂̐ݒ�

�z�X�g ���[�h�̐ݒ�

�Q�X�gVLAN�̐ݒ�

802.1x�ݒ���f�t�H���g�l�Ƀ��Z�b�g�����@

802.1x���v��񂨂�уX�e�[�^�X�̕\��

�f�o�C�X�̖��

802.1x�f�o�C�X�̖��

�F�؂̊J�n�ƃ��b�Z�[�W��

��b�Z�[�W��

��X�e�[�g��і��X�e�[�g�̃|�[�g

�T�|�[�g�Ώۃg�|��W�[

��LAN�̗�

802.1x�ƃ|�[�g �Z�L��e�B�̎g�p��@

802.1x�Ɖ��VLAN�|�[�g�̎g�p��@

802.1x��VLAN��蓖�Ă̎g�p��@

802.1x�̃f�t�H��g�ݒ�

802.1x�̃f�t�H��g�ݒ�

802.1x�ݒ莞�̒��ӎ��

��\�t�g�E�F�A ��[�X��̃A�b�v�O��[�h

�X�C�b�`��RADIUS�T�[�o�ԒʐM��ݒ肷��@

��I�ȍĔF�؂̐ݒ�

�蓮�ɂ��|�[�g�ڑ��N��C�A��g�̍ĔF��

�ҋ@��Ԃ̕ύX

�X�C�b�`�ƃN��C�A��g�Ԃ̍đ��M��Ԃ̕ύX

�X�C�b�`�ƃN��C�A��g�Ԃ̃t��[��đ��M�񐔂̐ݒ�

�z�X�g ��[�h�̐ݒ�

802.1x�ݒ��f�t�H��g�l�Ƀ��Z�b�g��@

802.1x��v��񂨂�уX�e�[�^�X�̕\��