Table of Contents
Advertisement
Figure 32 Network diagram
Update server
FGE1/0/1
VLAN 1
FGE1/0/2
Host
Update server
FGE1/0/1
VLAN 10
FGE1/0/2
Host
Configuration procedure
1.
Configure the 802.1X client. Make sure the 802.1X client can update its IP address after the
access port is assigned to the guest VLAN or an authorization VLAN. (Details not shown.)
2.
Configure the RADIUS server to provide authentication, authorization, and accounting services.
Configure user accounts and authorization VLAN (VLAN 5 in this example) for the users.
(Details not shown.)
3.
Create VLANs, and assign ports to the VLANs on the access device.
<Device> system-view
[Device] vlan 1
[Device-vlan1] port fortygige 1/1/2
[Device-vlan1] quit
[Device] vlan 10
[Device-vlan10] port fortygige 1/1/1
[Device-vlan10] quit
[Device] vlan 2
[Device-vlan2] port fortygige 1/1/4
[Device-vlan2] quit
[Device] vlan 5
[Device-vlan5] port fortygige 1/1/3
[Device-vlan5] quit
4.
Configure a RADIUS scheme on the access device:
# Create RADIUS scheme 2000 and enter RADIUS scheme view.
[Device] radius scheme 2000
# Specify the server at 10.11.1.1 as the primary authentication server, and set the
authentication port to 1812.
Authentication server
VLAN 10
VLAN 2
FGE1/0/4
VLAN 5
FGE1/0/3
Device
Internet
Port added to the
guest VLAN
Authentication server
VLAN 10
VLAN 2
FGE1/0/4
VLAN 5
FGE1/0/3
Device
Internet
Update server
User comes
online
VLAN 5
FGE1/0/2
Host
96
Authentication server
VLAN 10
VLAN 2
FGE1/0/1
FGE1/0/4
VLAN 5
FGE1/0/3
Device
Internet
Advertisement
Table of Contents
Troubleshooting
