Table of Contents
Advertisement
Operation Manual – 802.1x-HABP-MAC Authentication
H3C S3610&S5510 Series Ethernet Switches
[Sysname-isp-aabbcc.net] authorization default radius-scheme radius1 local
[Sysname-isp-aabbcc.net] accounting default radius-scheme radius1 local
# Set the maximum number of users for the domain as 30.
[Sysname-isp-aabbcc.net] access-limit enable 30
# Enable the idle cut function and set the idle cut interval.
[Sysname-isp-aabbcc.net] idle-cut enable 20
[Sysname-isp-aabbcc.net] quit
# Configure aabbcc.net as the default domain.
[Sysname] domain default enable aabbcc.net
# Enable 802.1x globally.
[Sysname] dot1x
# Enable 802.1x for port Ethernet 1/0/1.
[Sysname] interface Ethernet 1/0/1
[Sysname-Ethernet1/0/1] dot1x
[Sysname-Ethernet1/0/1] quit
# Set the port access control method. (Optional. The default answers the requirement.)
[Sysname] dot1x port-method macbased interface Ethernet 1/0/1
1.6 Guest VLAN Configuration Example
I. Network requirements
As shown in
A host is connected to port Ethernet 1/0/1 of the switch and must pass 802.1x
authentication to access the Internet.
The authentication server run RADIUS and is in VLAN 2.
The update server, which is in VLAN 10, is for client software download and
upgrade.
Port Ethernet 1/0/2 of the switch, which is in VLAN 5, is for accessing the Internet.
As shown in
On port Ethernet 1/0/1, enable 802.1x and set VLAN 10 as the guest VLAN.
As shown in
Authenticated supplicants are assigned to VLAN 5 and permitted to access the
Internet.
Figure
1-11:
Figure
1-12:
Figure
1-13:
1-21
Chapter 1 802.1x Configuration
Advertisement
Chapters
Table of Contents
Troubleshooting
