Table of Contents
Advertisement
7.
Configure 802.1X:
# Enable 802.1X on FortyGigE 1/1/1.
[Device] interface fortygige 1/1/1
[Device-FortyGigE1/1/1] dot1x
# Enable MAC-based access control on the port. By default, the port uses MAC-based access
control.
[Device-FortyGigE1/1//1] dot1x port-method macbased
# Specify ISP domain bbb as the mandatory domain.
[Device-FortyGigE1/1//1] dot1x mandatory-domain bbb
[Device-FortyGigE1/1//1] quit
# Enable 802.1X globally.
[Device] dot1x
Verifying the configuration
# Verify the 802.1X configuration on FortyGigE 1/1/1.
[Device] display dot1x interface fortygige 1/1/1
# Display the user connection information after an 802.1X user passes authentication.
[Device] display dot1x connection
802.1X guest VLAN and authorization VLAN configuration
example
Network requirements
As shown in
accounting for 802.1X users who connect to FortyGigE 1/1/2. Implement port-based access control
on the port.
If no user performs 802.1X authentication on FortyGigE 1/1/2 within a period of time, the device adds
FortyGigE 1/1/2 to the guest VLAN, VLAN 10. The host and the update server are both in VLAN 10,
and the host can access the update server and download the 802.1X client software.
After the host passes 802.1X authentication, the access device assigns the host to VLAN 5 where
FortyGigE 1/1/3 is. The host can access the Internet.
Figure
32, use RADIUS servers to perform authentication, authorization, and
95
Advertisement
Table of Contents
Troubleshooting
