Guest Vlan And Authorization Vlan Configuration Example - HP FlexFabric 5700 Series Security Configuration Manual

802.1X guest VLAN and authorization VLAN configuration
example
Network requirements
As shown in
802.1X users who connect to Ten-GigabitEthernet 1/0/2. Implement port-based access control on the
port.
If no user performs 802.1X authentication on Ten-GigabitEthernet 1/0/2 within a period of time, the
device adds Ten-GigabitEthernet 1/0/2 to the guest VLAN, VLAN 10. The host and the update server
are both in VLAN 10, and the host can access the update server and download the 802.1X client
software.
After the host passes 802.1X authentication, the access device assigns the host to VLAN 5 where
Ten-GigabitEthernet 1/0/3 is. The host can access the Internet.
Figure 31 Network diagram
Update server
VLAN 1
XGE1/0/2
Host
Update server
VLAN 10
XGE1/0/2
Host
Configuration procedure
1. Configure the 802.1X client. Make sure the 802.1X client can update its IP address after the
access port is assigned to the guest VLAN or an authorization VLAN. (Details not shown.)
2. Configure the RADIUS server to provide authentication, authorization, and accounting services.
Configure user accounts and authorization VLAN (VLAN 5 in this example) for the users. (Details
not shown.)
3. Create VLANs, and assign ports to the VLANs on the access device.
<Device> system-view
Figure 31, use RADIUS servers to perform authentication, authorization, and accounting for
Authentication server
VLAN 10 VLAN 2
XGE1/0/1 XGE1/0/4
VLAN 5
XGE1/0/3
Device
Internet
Port assigned to
guest VLAN
Authentication server
VLAN 10 VLAN 2
XGE1/0/1 XGE1/0/4
VLAN 5
XGE1/0/3
Device
Internet
Update server
User comes
online
VLAN 5
XGE1/0/2
Host
93
Authentication server
VLAN 10 VLAN 2
XGE1/0/1 XGE1/0/4
VLAN 5
XGE1/0/3
Device
Internet