Verifying The Configuration; With Acl Assignment Configuration Example; Network Requirements - HP 5500 HI Series Configuration Manual

# Enable 802.1X globally.
[Device] dot1x
# Enable 802.1X for port GigabitEthernet 1/0/2.
[Device] interface gigabitethernet 1/0/2
[Device-GigabitEthernet1/0/2] dot1x
# Implement port-based access control on the port.
[Device-GigabitEthernet1/0/2] dot1x port-method portbased
# Set the port authorization mode to auto. This step is optional. By default, the port is in auto mode.
[Device-GigabitEthernet1/0/2] dot1x port-control auto
[Device-GigabitEthernet1/0/2] quit
# Set VLAN 10 as the 802.1X guest VLAN for port GigabitEthernet 1/0/2.
[Device] dot1x guest-vlan 10 interface gigabitethernet 1/0/2

Verifying the configuration

Use the display dot1x interface gigabitethernet 1/0/2 command to verify the 802.1X guest VLAN
configuration on GigabitEthernet 1/0/2. If no user passes authentication on the port within a specific
period of time, use the display vlan 10 command to verify whether GigabitEthernet 1/0/2 is assigned
to VLAN 10.
After a user passes authentication, you can use the display interface gigabitethernet 1/0/2 command to
verity that port GigabitEthernet 1/0/2 has been added to VLAN 5.
802.1X with ACL assignment configuration
example

Network requirements

As shown in
access device.
Perform 802.1X authentication on the port. Use the RADIUS server at 10.1.1.1 as the authentication and
authorization server and the RADIUS server at 10.1.1.2 as the accounting server. Assign an ACL to
GigabitEthernet 1/0/1 to deny the access of 802.1X users to the FTP server at 10.0.0.1/24 on weekdays
during business hours from 8:00 to 18:00.
Figure 31 Network diagram
Host
192.168.1.10/24
Figure 31, the host at 192.168.1.10 connects to port GigabitEthernet 1/0/1 of the network
RADIUS server cluster
GE1/0/2
GE1/0/3
GE1/0/1
Vlan-int2
192.168.1.1/24
Device
Auth: 10.1.1.1
Acct: 10.1.1.2
Internet
96
FTP server
10.0.0.1/24