HP 12500 Series Configuration Manual page 102

A host is connected to port GigabitEthernet 3/0/2 of the device and must pass 802.1X
•
authentication to access the Internet. GigabitEthernet 3/0/2 is in VLAN 1.
GigabitEthernet 3/0/2 implements port-based access control.
•
GigabitEthernet 3/0/3 is in VLAN 5 and is for accessing the Internet.
•
• The authentication server runs RADIUS and is in VLAN 2.
The update server in VLAN 10 is for client software download and upgrade.
•
If no user performs 802.1X authentication on GigabitEthernet 3/0/2 within a period of time, the device
adds GigabitEthernet 3/0/2 to its guest VLAN, VLAN 10. The host and the update server are both in
VLAN 10 and the host can access the update server and download the 802.1X client software.
After the host passes 802.1X authentication, the network access device assigns the host to VLAN 5 where
GigabitEthernet 3/0/3 is. The host can access the Internet.
Figure 32 Network diagram
Configuration procedure
The following configuration procedure covers most AAA/RADIUS configuration commands on the
device. The configuration on the 802.1X client and RADIUS server are not shown. For more information
about AAA/RADIUS configuration commands, see Security Command Reference.
Make sure the 802.1X client can update its IP address after the access port is assigned to the guest
1.
VLAN or a server-assigned VLAN. (Details not shown.)
Configure the RADIUS server to provide authentication, authorization, and accounting services.
2.
Configure user accounts and server-assigned VLAN, VLAN 5 in this example. (Details not shown.)
Create VLANs, and assign ports to the VLANs.
3.
<Device> system-view
[Device] vlan 1
92