3Com S7906E Configuration Manual page 1901

After the host passes 802.1X authentication, the RADIUS server assigns ACL 3000 to port
GigabitEthernet 2/0/1. As a result, the host can access the Internet but cannot access the FTP server,
whose IP address is 10.0.0.1.
Figure 1-14 Network diagram for ACL assignment
Configuration procedure
# Configure the IP addresses of the interfaces. (Omitted)
# Configure the RADIUS scheme.
<Device> system-view
[Device] radius scheme 2000
[Device-radius-2000] primary authentication 10.1.1.1 1812
[Device-radius-2000] primary accounting 10.1.1.2 1813
[Device-radius-2000] key authentication abc
[Device-radius-2000] key accounting abc
[Device-radius-2000] user-name-format without-domain
[Device-radius-2000] quit
# Create an ISP domain and specify the AAA schemes.
[Device] domain 2000
[Device-isp-2000] authentication default radius-scheme 2000
[Device-isp-2000] authorization default radius-scheme 2000
[Device-isp-2000] accounting default radius-scheme 2000
[Device-isp-2000] quit
# Configure ACL 3000 to deny packets destined for 10.0.0.1.
[Device] acl number 3000
[Device-acl-adv-3000] rule 0 deny ip destination 10.0.0.1 0
# Enable 802.1X globally.
[Device] dot1x
# Enable 802.1X for port GigabitEthernet 2/0/1.
[Device] interface gigabitethernet 2/0/1
[Device-GigabitEthernet 2/0/1] dot1x
After logging in successfully, a user can use the ping command to verify whether the ACL 3000
assigned by the RADIUS server functions.
C:\>ping 10.0.0.1
1-27