Guest Vlan Configuration Example - H3C S5500-EI Series Operation Manual

Operation Manual – 802.1x-HABP-MAC Authentication
H3C S5500-EI Series Ethernet Switches
[Sysname-isp-aabbcc.net] access-limit enable 30
# Enable the idle cut function and set the idle cut interval.
[Sysname-isp-aabbcc.net] idle-cut enable 20
[Sysname-isp-aabbcc.net] quit
# Configure aabbcc.net as the default domain.
[Sysname] domain default enable aabbcc.net
# Enable 802.1x globally.
[Sysname] dot1x
# Enable 802.1x for port GigabitEthernet 1/0/1.
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitGigabitEthernet1/0/1] dot1x
[Sysname-GigabitGigabitEthernet1/0/1] quit
# Set the port access control method. (Optional. The default answers the requirement.)
[Sysname] dot1x port-method macbased interface GigabitEthernet 1/0/1

1.6 Guest VLAN Configuration Example

I. Network requirements
As shown in
A host is connected to port GigabitEthernet 1/0/1 of the switch and must pass
802.1x authentication to access the Internet.
The authentication server run RADIUS and is in VLAN 2.
The update server, which is in VLAN 10, is for client software download and
upgrade.
Port GigabitEthernet 1/0/2 of the switch, which is in VLAN 5, is for accessing the
Internet.
As shown in
On port GigabitEthernet 1/0/1, enable 802.1x and set VLAN 10 as the guest
VLAN.
As shown in
Authenticated supplicants are assigned to VLAN 5 and permitted to access the
Internet.
Figure 1-11:
Figure 1-12:
Figure 1-13:
1-21
Chapter 1 802.1x Configuration