SDA 802.1X Authentication Modes
1. Introduction: in SDA, authentication on Edge Node interfaces comes in four modes: None, Open, Low Impact and Closed.
1.1 None mode: no authentication at all; only the VLAN name and the corresponding SGT are configured on the port.
1.2 Open mode:
For reference, this is the default configuration on an Edge: once the Edge has been given its role, interfaces default to Open mode:
interface GigabitEthernet1/0/30
switchport mode access
device-tracking attach-policy IPDT_POLICY
dot1x timeout tx-period 7
dot1x max-reauth-req 3
source template DefaultWiredDot1xOpenAuth
spanning-tree portfast
spanning-tree bpduguard enable
end
Configuring Open mode manually requires a VLAN name to be set:
Open Authentication port assignment configuration
interface GigabitEthernet1/0/30
switchport access vlan 1022
switchport mode access
device-tracking attach-policy IPDT_POLICY
load-interval 30
access-session inherit disable interface-template-sticky
access-session inherit disable autoconf
dot1x timeout tx-period 7
dot1x max-reauth-req 3
no macro auto processing
source template DefaultWiredDot1xOpenAuth
spanning-tree portfast
spanning-tree bpduguard enable
1.4 Low impact mode
Configured automatically on the Edge:
interface GigabitEthernet1/0/30
switchport access vlan 1022
switchport mode access
device-tracking attach-policy IPDT_POLICY
ip access-group IPV4_PRE_AUTH_ACL in
load-interval 30
ipv6 traffic-filter IPV6_PRE_AUTH_ACL in
access-session inherit disable interface-template-sticky
access-session inherit disable autoconf
dot1x timeout tx-period 7
dot1x max-reauth-req 3
no macro auto processing
source template DefaultWiredDot1xLowImpactAuth
spanning-tree portfast
spanning-tree bpduguard enable
Compared with Open mode, it adds an IPv4 and an IPv6 ACL that limit what an endpoint can reach before it has authenticated (in the ACL below, only DHCP and DNS):
ip access-list extended IPV4_PRE_AUTH_ACL
10 permit udp any any eq bootps
20 permit udp any any eq bootpc
30 permit udp any any eq domain
40 deny ip any any
1.5 Close mode
The strictest authentication mode: the endpoint can reach the network and the resources on it only after it has passed authentication.
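To make the differences between the four modes concrete from a defender's point of view, the following Python script is an added example (not code from the original notes or from Cisco) that parses an IOS-style running-config, classifies each edge port by the source template it uses, and audits the Low Impact pre-auth ACL. The sample config is constructed from the snippets above; the interface names beyond Gi1/0/30 and the template name DefaultWiredDot1xClosedAuth for the closed-mode port are assumptions.

```python
import re

# Constructed sample config, modelled on the snippets in the notes above.
# Gi1/0/31-33 and the Closed template name are assumed for illustration.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/30
 switchport access vlan 1022
 switchport mode access
 device-tracking attach-policy IPDT_POLICY
 source template DefaultWiredDot1xOpenAuth
 spanning-tree portfast
!
interface GigabitEthernet1/0/31
 switchport access vlan 1022
 switchport mode access
 ip access-group IPV4_PRE_AUTH_ACL in
 ipv6 traffic-filter IPV6_PRE_AUTH_ACL in
 source template DefaultWiredDot1xLowImpactAuth
!
interface GigabitEthernet1/0/32
 switchport access vlan 1022
 switchport mode access
 source template DefaultWiredDot1xClosedAuth
!
interface GigabitEthernet1/0/33
 switchport access vlan 1022
 switchport mode access
!
ip access-list extended IPV4_PRE_AUTH_ACL
 10 permit udp any any eq bootps
 20 permit udp any any eq bootpc
 30 permit udp any any eq domain
 40 deny ip any any
"""

# Source template -> authentication mode. Open and Low Impact names come from
# the notes; the Closed template name is an assumption.
TEMPLATE_MODES = {
    "DefaultWiredDot1xOpenAuth": "open",
    "DefaultWiredDot1xLowImpactAuth": "low-impact",
    "DefaultWiredDot1xClosedAuth": "closed",
}
# The only services a pre-auth ACL should permit: DHCP (bootps/bootpc) and DNS.
ALLOWED_PRE_AUTH_PORTS = {"bootps", "bootpc", "domain"}


def parse_sections(config):
    """Split an IOS-style config into {header line: [indented sub-lines]}."""
    sections, current = {}, None
    for raw in config.splitlines():
        line = raw.rstrip()
        if not line or line == "!":
            current = None
            continue
        if line[0] != " ":
            current = line
            sections[current] = []
        elif current is not None:
            sections[current].append(line.strip())
    return sections


def classify_interfaces(sections):
    """Map each interface to its mode; a port with no source template is 'none'."""
    modes = {}
    for header, lines in sections.items():
        if not header.startswith("interface "):
            continue
        mode = "none"
        for line in lines:
            m = re.match(r"source template (\S+)", line)
            if m:
                mode = TEMPLATE_MODES.get(m.group(1), "unknown")
        modes[header.split(" ", 1)[1]] = mode
    return modes


def audit_pre_auth_acl(sections, acl_name="IPV4_PRE_AUTH_ACL"):
    """Flag permits other than DHCP/DNS and a missing final explicit deny."""
    entries = sections.get(f"ip access-list extended {acl_name}")
    if entries is None:
        return [f"{acl_name}: ACL not found"]
    findings, last = [], []
    for entry in entries:
        parts = entry.split()
        if parts and parts[0].isdigit():   # drop the sequence number
            parts = parts[1:]
        if not parts:
            continue
        last = parts
        if parts[0] == "permit" and not (
            parts[1] == "udp" and parts[-2] == "eq" and parts[-1] in ALLOWED_PRE_AUTH_PORTS
        ):
            findings.append(f"{acl_name}: unexpected pre-auth permit: {entry}")
    if not last or last[0] != "deny":
        findings.append(f"{acl_name}: does not end with an explicit deny")
    return findings


def audit(config):
    """Return (modes per port, list of findings) for a whole config."""
    sections = parse_sections(config)
    modes = classify_interfaces(sections)
    findings = []
    for name, mode in modes.items():
        lines = sections[f"interface {name}"]
        if mode == "none":
            findings.append(f"{name}: no 802.1X authentication on this port")
        elif mode == "open":
            findings.append(f"{name}: open mode, traffic is forwarded regardless of the authentication result")
        elif mode == "low-impact" and not any(
            l.startswith("ip access-group ") and l.endswith(" in") for l in lines
        ):
            findings.append(f"{name}: low-impact template without an inbound pre-auth ACL")
    findings.extend(audit_pre_auth_acl(sections))
    return modes, findings


if __name__ == "__main__":
    port_modes, issues = audit(SAMPLE_CONFIG)
    for port, mode in port_modes.items():
        print(f"{port}: {mode}")
    for issue in issues:
        print("FINDING:", issue)
```

Run against the output of `show running-config` from an Edge, the script gives a quick inventory of which ports still sit in None or Open mode (no enforcement before authentication) and whether the Low Impact ACL has drifted beyond DHCP and DNS.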