Deploy EAD solution for the intranet so that all hosts must pass 802.1X authentication to access the
network.
To allow all intranet users to install and update 802.1X client program from a web server, configure the
following:
Allow unauthenticated users to access the segment of 192.168.2.0/24 and to obtain IP address
•
on the segment of 192.168.1.0/24 through DHCP.
Redirect unauthenticated users to a preconfigured webpage when the users use a web browser to
•
access any external network except 192.168.2.0/24. The webpage allows users to download the
802.1X client program.
Allow authenticated 802.1X users to access the network.
•
Figure 39 Network diagram for EAD fast deployment
192.168.1.0/24
In addition to the configuration on the access device, complete the following tasks:
Configure the DHCP server so that the host can obtain an IP address on the segment of
•
192.168.1.0/24.
Configure the web server so that users can log in to the webpage to download 802.1X clients.
•
Configure the authentication server to provide authentication, authorization, and accounting
•
services.
Configuration procedure
Configure an IP address for each interface. (Omitted)
1.
Configure DHCP relay.
2.
# Enable DHCP.
<Router> system-view
[Router] dhcp enable
# Configure a DHCP server for a DHCP server group.
[Router] dhcp relay server-group 1 ip 192.168.2.2
# Enable the relay agent VLAN interface 2.
Internet
Router
GE1/0/3
GE1/0/1
192.168.2.1/24
Vlan-int 2
192.168.1.1/24
GE1/0/2
10.1.1.10/24
Authentication servers
10.1.1.1/10.1.1.2
101
Free IP:
Web server
192.168.2.3/24
192.168.2.0/24
DHCP server
192.168.2.2/24