802.1X with ACL assignment configuration example - HP FlexFabric 5700 Series Security Configuration Manual

[Device-Ten-GigabitEthernet1/0/2] dot1x port-control auto
# Set VLAN 10 as the 802.1X guest VLAN on port Ten-GigabitEthernet 1/0/2.
[Device-Ten-GigabitEthernet1/0/2] dot1x guest-vlan 10
[Device-Ten-GigabitEthernet1/0/2] quit
# Enable 802.1X globally.
[Device] dot1x
Verifying the configuration
# Verify the 802.1X guest VLAN configuration on Ten-GigabitEthernet 1/0/2.
[Device] display dot1x interface ten-gigabitethernet 1/0/2
# Verify that Ten-GigabitEthernet 1/0/2 is assigned to VLAN 10 when no user passes authentication on the port.
[Device] display vlan 10
# After a user passes authentication, display information on Ten-GigabitEthernet 1/0/2. Verify that Ten-GigabitEthernet 1/0/2 is assigned to VLAN 5.
[Device] display interface ten-gigabitethernet 1/0/2

802.1X with ACL assignment configuration example

Network requirements
As shown in Figure 32, the host that connects to Ten-GigabitEthernet 1/0/1 must pass 802.1X authentication to access the Internet.
Perform 802.1X authentication on Ten-GigabitEthernet 1/0/1. Use the RADIUS server at 10.1.1.1 as the authentication and authorization server, and the RADIUS server at 10.1.1.2 as the accounting server.
Configure ACL assignment on Ten-GigabitEthernet 1/0/1 to deny access of 802.1X users to the FTP server from 8:00 to 18:00 on weekdays.
Figure 32 Network diagram
Configuration procedure
1. Configure the 802.1X client. Make sure the client is able to update its IP address after the access port is assigned to the 802.1X guest VLAN or an authorization VLAN. (Details not shown.)
2. Configure the RADIUS servers to provide authentication, authorization, and accounting services. Add user accounts and specify the ACL (ACL 3000 in this example) for the users. (Details not shown.)
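
The device-side time range and ACL that the requirement above calls for, written out as an added example that is not part of the manual text on this page. The time-range name ftp and the FTP server address 192.0.2.10 are assumptions (the page gives neither); the commands are Comware 7 syntax in the same prompt style as the guest VLAN example.

```text
# Added example, not from the manual page. The name "ftp" and the
# address 192.0.2.10 are placeholders; substitute your own values.
# Define the time range 8:00 to 18:00 on weekdays.
[Device] time-range ftp 8:00 to 18:00 working-day
# Create advanced ACL 3000, the ACL number the RADIUS server assigns to
# the users, and deny IP traffic to the FTP server during the time range.
[Device] acl number 3000
[Device-acl-adv-3000] rule 0 deny ip destination 192.0.2.10 0 time-range ftp
[Device-acl-adv-3000] quit
# Enable 802.1X globally.
[Device] dot1x
# Enable 802.1X on Ten-GigabitEthernet 1/0/1.
[Device] interface ten-gigabitethernet 1/0/1
[Device-Ten-GigabitEthernet1/0/1] dot1x
[Device-Ten-GigabitEthernet1/0/1] quit
# Confirm that the time range and the ACL rule exist as intended.
[Device] display time-range ftp
[Device] display acl 3000
```

The time range is evaluated against the switch's system clock, so keep the clock synchronized or the deny rule takes effect at the wrong hours. Outside the time range the rule is inactive, so the assigned ACL places no restriction on the FTP server.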
