802.1X With Ead Assistant Configuration Example - HPE Moonshot 45Gc Security Configuration Manual

Switch module

[Device-radius-2000] user-name-format without-domain
[Device-radius-2000] quit
5. Configure an ISP domain:
# Create ISP domain bbb and enter ISP domain view.
[Device] domain bbb
# Apply RADIUS scheme 2000 to the ISP domain for authentication, authorization, and accounting.
[Device-isp-bbb] authentication lan-access radius-scheme 2000
[Device-isp-bbb] authorization lan-access radius-scheme 2000
[Device-isp-bbb] accounting lan-access radius-scheme 2000
[Device-isp-bbb] quit
6. Configure a time range named ftp from 8:00 to 18:00 on weekdays.
[Device] time-range ftp 8:00 to 18:00 working-day
7. Configure ACL 3000 to deny packets destined for the FTP server at 10.0.0.1 during the specified time range.
[Device] acl number 3000
[Device-acl-adv-3000] rule 0 deny ip destination 10.0.0.1 0 time-range ftp
[Device-acl-adv-3000] quit
8. Configure 802.1X:
# Enable 802.1X globally.
[Device] dot1x
# Enable 802.1X on FortyGigE 1/1/1.
[Device] interface fortygige 1/1/1
[Device-FortyGigE1/1/1] dot1x
[Device-FortyGigE1/1/1] quit
Verifying the configuration
# Use the user account to pass authentication. (Details not shown.)
# Verify that the user cannot ping the FTP server at any time from 8:00 to 18:00 on any weekday.
C:\>ping 10.0.0.1
Pinging 10.0.0.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 10.0.0.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
The output shows that ACL 3000 is active on the user, and the user cannot access the FTP server.
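
The following Python sketch is an added example, not part of the HPE manual or the device software. It models the time range from step 6 and the ACL rule from step 7 to show when the deny rule applies to a destination. The function names, the Monday-to-Friday reading of working-day, the end-exclusive window, and the sample timestamps are assumptions made for illustration.

```python
import ipaddress
import re
from datetime import datetime

WORKING_DAY = {0, 1, 2, 3, 4}  # assumption: working-day = Monday..Friday

def parse_time_range(line):
    """'time-range NAME H:MM to H:MM working-day' -> (name, (start_min, end_min))."""
    m = re.fullmatch(r"time-range (\S+) (\d{1,2}):(\d{2}) to (\d{1,2}):(\d{2}) working-day",
                     line.strip())
    if not m:
        raise ValueError(f"unsupported time-range line: {line!r}")
    h1, m1, h2, m2 = map(int, m.groups()[1:])
    return m.group(1), (h1 * 60 + m1, h2 * 60 + m2)

def parse_deny_rule(line):
    """'rule N deny ip destination ADDR WILDCARD time-range NAME' -> dict."""
    m = re.fullmatch(r"rule \d+ deny ip destination (\S+) (\S+) time-range (\S+)",
                     line.strip())
    if not m:
        raise ValueError(f"unsupported rule line: {line!r}")
    addr, wildcard, tr_name = m.groups()
    # A wildcard of 0 is shorthand for 0.0.0.0: every address bit must match (one host).
    wc = 0 if wildcard == "0" else int(ipaddress.IPv4Address(wildcard))
    return {"addr": int(ipaddress.IPv4Address(addr)), "wildcard": wc, "time_range": tr_name}

def deny_rule_applies(rule, time_ranges, dst, when):
    """True if the rule's time range is active at `when` and `dst` matches the rule."""
    if rule["time_range"] not in time_ranges:
        raise KeyError(f"rule references undefined time range {rule['time_range']!r}")
    start, end = time_ranges[rule["time_range"]]
    minutes = when.hour * 60 + when.minute
    # Assumption: start inclusive, end exclusive; confirm the 18:00 edge on the device.
    active = when.weekday() in WORKING_DAY and start <= minutes < end
    care = ~rule["wildcard"] & 0xFFFFFFFF  # address bits that must match
    matches = (int(ipaddress.IPv4Address(dst)) & care) == (rule["addr"] & care)
    return active and matches

# The two lines from steps 6 and 7, with the CLI prompts stripped.
TIME_RANGES = dict([parse_time_range("time-range ftp 8:00 to 18:00 working-day")])
RULE = parse_deny_rule("rule 0 deny ip destination 10.0.0.1 0 time-range ftp")

if __name__ == "__main__":
    for label, ts in [("Wed 10:30", datetime(2024, 1, 3, 10, 30)),  # constructed timestamps
                      ("Wed 19:00", datetime(2024, 1, 3, 19, 0)),
                      ("Sat 10:30", datetime(2024, 1, 6, 10, 30))]:
        print(label, deny_rule_applies(RULE, TIME_RANGES, "10.0.0.1", ts))
```

Outside the time range the rule is inactive, so rule 0 alone does not block the FTP server in the evening or at weekends. Repeat the ping test outside the window to confirm that this matches the intended policy.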

802.1X with EAD assistant configuration example

Network requirements
As shown in Figure 34:
The intranet 192.168.1.0/24 is attached to FortyGigE 1/1/1 of the access device.
