Table of Contents
Advertisement
[Device] interface GigabitEthernet 1/0/2
[Device-GigabitEthernet1/0/2] dot1x
# Set the port access control method to portbased.
[Device-GigabitEthernet1/0/2] dot1x port-method portbased
# Set the port access control mode to auto.
[Device-GigabitEthernet1/0/2] dot1x port-control auto
[Device-GigabitEthernet1/0/2] quit
# Create VLAN 10.
[Device] vlan 10
[Device-vlan10] quit
# Specify port GigabitEthernet 1/0/2 to use VLAN 10 as its guest VLAN.
[Device] dot1x guest-vlan 10 interface GigabitEthernet 1/0/2
You can use the display current-configuration or display interface GigabitEthernet 1/0/2
command to view your configuration. You can also use the display vlan 10 command in the following
cases to verify whether the configured guest VLAN functions:
When no users log in.
When a user goes offline.
After a user passes the authentication successfully, you can use the display interface
GigabitEthernet 1/0/2 command to verity that port GigabitEthernet 1/0/2 has been added to the
assigned VLAN 5.
ACL Assignment Configuration Example
Network requirements
As shown in
Figure
802.1X authentication to access the Internet.
Configure the RADIUS server to assign ACL 3000.
Enable 802.1X authentication on port GigabitEthernet 1/0/1 of the device, and configure ACL
3000.
After the host passes 802.1X authentication, the RADIUS server assigns ACL 3000 to port
GigabitEthernet 1/0/1. As a result, the host can access the Internet but cannot access the FTP server,
whose IP address is 10.0.0.1.
Figure 2-14 Network diagram for ACL assignment
2-14, a host is connected to port GigabitEthernet 1/0/1 of the device and must pass
2-21
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
