[SW1]interface  Eth-Trunk 1[SW1-Eth-Trunk1]mode  lacp[SW1-Eth-Trunk1]trunkport g0/0/13[SW1-Eth-Trunk1]trunkport g0/0/14

[SW2]interface  Eth-Trunk  1[SW2-Eth-Trunk1]mode lacp[SW2-Eth-Trunk1]trunkport g0/0/13[SW2-Eth-Trunk1]trunkport g0/0/14[SW2]interface  Eth-Trunk  2[SW2-Eth-Trunk2]mode lacp[SW2-Eth-Trunk2]trunkport g0/0/12[SW2-Eth-Trunk2]trunkport g0/0/22

[SW3]interface  Eth-Trunk 1[SW3-Eth-Trunk1]mode lacp[SW3-Eth-Trunk1]trunkport g0/0/23[SW3-Eth-Trunk1]trunkport g0/0/24

[SW1]vlan  batch  60 101[SW1]interface  Vlanif 60[SW1-Vlanif60]ip address  10.1.60.254 24[SW1]interface  Vlanif  101[SW1-Vlanif101]ip address  10.1.200.29 30

[SW2]vlan batch  11 21 101[SW2]interface  Vlanif  11[SW2-Vlanif10]ip address  10.1.11.254 24[SW2-Vlanif10]q[SW2]interface  Vlanif  21[SW2-Vlanif20]ip address  10.2.21.254 24[SW2]interface  Vlanif  101[SW2-Vlanif101]ip address  10.1.200.30 30

[SW1]interface  g0/0/6[SW1-GigabitEthernet0/0/6]port link-type access[SW1-GigabitEthernet0/0/6]port default vlan  60[SW1-GigabitEthernet0/0/6]q[SW1]interface  Eth-Trunk 1[SW1-Eth-Trunk1]port link-type trunk[SW1-Eth-Trunk1]port trunk  allow-pass  vlan  101

[SW2]interface  Eth-Trunk 1[SW2-Eth-Trunk1]port link-type trunk[SW2-Eth-Trunk1]port trunk allow-pass vlan 101[SW2-Eth-Trunk1]q[SW2]interface  Eth-Trunk 2[SW2-Eth-Trunk2]port link-type hybrid[SW2-Eth-Trunk2]port hybrid tagged vlan 11 21

[SW1]ospf[SW1-ospf-1]area  0[SW1-ospf-1-area-0.0.0.0]network  10.1.60.254 0.0.0.0[SW1-ospf-1-area-0.0.0.0]network 10.1.200.29 0.0.0.0

[SW2]ospf[SW2-ospf-1]area  0[SW2-ospf-1-area-0.0.0.0]network  10.1.11.254 0.0.0.0[SW2-ospf-1-area-0.0.0.0]network  10.1.21.254 0.0.0.0[SW2-ospf-1-area-0.0.0.0]network 10.1.200.30 0.0.0.0

[SW2]dhcp enableInfo: The operation may take a few seconds. Please wait for a moment. done.[SW2]interface  Vlanif  11[SW2-Vlanif10]dhcp  select interface[SW2-Vlanif10]q[SW2]interface  Vlanif  21[SW2-Vlanif20]dhcp  select interface[SW2-Vlanif20]q

[SW2]radius-server template radius[SW2-radius-radius]radius-server  authentication  10.1.60.2 1812 //指定radius认证IP和端口号[SW2-radius-radius]radius-server  accounting 10.1.60.2 1813 //指定radius计费IP和端口号[SW2-radius-radius]radius-server shared-key cipher Huawei@123//配置与radius之间的密码[SW2-radius-radius]qSW2]radius-server authorization 10.1.60.2 shared-key cipher Huawei@123 //指定radius授权服务器IP

[SW2]aaa[SW2-aaa]authentication-scheme radius //创建认证模板[SW2-aaa-authen-radius]authentication-mode  radius //认证模式为radius[SW2-aaa-authen-radius]q[SW2-aaa]accounting-scheme radius //创建计费模板[SW2-aaa-accounting-radius]accounting-mode radius //计费模式为radius[SW2-aaa-accounting-radius]q[SW2-aaa]domain huawei //创建认证域[SW2-aaa-domain-huawei]authentication-scheme radius //调用认证模板[SW2-aaa-domain-huawei]accounting-scheme radius//调用计费模板[SW2-aaa-domain-huawei]radius-server radius[SW2-aaa-domain-huawei]q

[SW2]dot1x-access-profile  name dot1x //创建802.1x认证模板[SW2-dot1x-access-profile-dot1x]q[SW2]mac-access-profile name mac//创建mac认证模板[SW2-mac-access-profile-mac]q[SW2]authentication-profile name huawei//创建认证模板[SW2-authen-profile-huawei]dot1x-access-profile dot1x//调用802.1x认证模板[SW2-authen-profile-huawei]mac-access-profile mac//调用mac认证模板[SW2-authen-profile-huawei]access-domain huawei force//配置强制使用认证域huawei[SW2-authen-profile-huawei]authentication dot1x-mac-bypass//配置旁路认证[SW2-authen-profile-huawei]q

[SW2]vlan  pool  market//创建市场部vlan池[SW2-vlan-pool-market]vlan 11[SW2-vlan-pool-market]q[SW2]vlan  pool hr//创建人事部vlan池[SW2-vlan-pool-hr]vlan  21[SW2-vlan-pool-hr]q[SW2]interface  Eth-Trunk  2[SW2-Eth-Trunk2]authentication-profile huawei//接口调用认证模板

[SW3]l2protocol-tunnel user-defined-protocol dot1x protocol-mac 0180-c200-0003 group-mac 0100-0000-0002[SW3]interface  Eth-Trunk  1[SW3-Eth-Trunk1]l2protocol-tunnel user-defined-protocol  dot1x enable[SW3]interface  g0/0/1[SW3-GigabitEthernet0/0/1]l2protocol-tunnel user-defined-protocol  dot1x enable