Configuration Procedure - HP 5120 SI Series Security Configuration Manual

Enable 802.1X on the port, and set the port authorization mode to auto.
•

Configuration procedure

Configuring a free IP
When a free IP is configured, the EAD fast deployment is enabled. To allow a user to obtain a dynamic
IP address before passing 802.1X authentication, make sure the DHCP server is on the free IP segment.
Follow these steps to configure a free IP:
To do...
Enter system view
Configure a free IP
NOTE:
When global MAC authentication, Layer-2 portal authentication, or port security is enabled, the free IP
does not take effect.
Configuring the redirect URL
Follow these steps to configure a redirect URL:
To do...
Enter system view
Configure the redirect URL
NOTE:
The redirect URL must be on the free IP subnet.
Setting the EAD rule timer
EAD fast deployment automatically creates an ACL rule, or an EAD rule, to open access to the redirect
URL for each redirected user seeking to access the network. The EAD rule timer sets the lifetime of each
ACL rule. When the timer expires or the user passes authentication, the rule is removed. If users fail to
download EAD client or fail to pass authentication before the timer expires, they must reconnect to the
network to access the free IP.
To prevent ACL rule resources from being used up, you can shorten the timer when the amount of EAD
users is large.
Follow these steps to set the EAD rule timer:
To do...
Enter system view
Use the command...
system-view
dot1x free-ip ip-address
{ mask-address | mask-length }
Use the command...
system-view
dot1x url url-string
Use the command...
system-view
90
Remarks
—
Required
By default, no free IP is configured.
Remarks
—
Required
By default, no redirect URL is
configured.
Remarks
—