Acl Assignment Configuration Example - H3C S5500-EI Series Operation Manual

802.1x-habp-mac authentication

Operation Manual – 802.1x-HABP-MAC Authentication
H3C S5500-EI Series Ethernet Switches
[Sysname-GigabitEthernet1/0/1] dot1x port-method portbased
# Set the port access control mode to auto.
[Sysname-GigabitEthernet1/0/1] dot1x port-control auto
[Sysname-GigabitEthernet1/0/1] quit
# Create VLAN 10.
[Sysname] vlan 10
[Sysname-vlan10] quit
# Specify port GigabitEthernet 1/0/1 to use VLAN 10 as its guest VLAN.
[Sysname] dot1x guest-vlan 10 interface GigabitEthernet 1/0/1
You can use the display current-configuration or display interface GigabitEthernet
1/0/1 command to view your configuration. You can also use the display vlan 10
command in the following cases to verify whether the configured guest VLAN functions:
When no users log in.
When a user fails the authentication.
When a user goes offline.

1.7 ACL Assignment Configuration Example

I. Network requirements
As shown in Figure 1-14, a host is connected to port GigabitEthernet1/0/1 of the device
and must pass 802.1x authentication to access the Internet.
Configure the RADIUS server to assign ACL 3000.
Enable 802.1x authentication on GigabitEthernet1/0/1 of the device, and configure
ACL 3000.
After the host passes 802.1x authentication, the RADIUS server assigns ACL 3000 to
GigabitEthernet1/0/1. As a result, the host can access the Internet but cannot access
the FTP server, whose IP address is 10.0.0.1.
II. Network diagram
Figure 1-14 Network diagram for ACL assignment
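The device-side part of the requirements above, as an added example that is not taken from the manual. It assumes Comware 5 command syntax and that the RADIUS scheme and ISP domain pointing the switch at the RADIUS server are already configured; the server-side setting that assigns ACL 3000 is not shown.

```text
<Sysname> system-view
# Define ACL 3000 on the device. The requirements have the device configure
# the ACL and the RADIUS server assign it, so the rules must exist locally
# before a user authenticates.
[Sysname] acl number 3000
# Deny IP packets destined for the FTP server. The wildcard 0 matches the
# single host 10.0.0.1. No other rule is defined: the expected result on this
# page (Internet reachable, FTP server blocked) relies on traffic that matches
# no rule being forwarded.
[Sysname-acl-adv-3000] rule 0 deny ip destination 10.0.0.1 0
[Sysname-acl-adv-3000] quit
# Enable 802.1x globally, then on the port the host is connected to.
[Sysname] dot1x
[Sysname] interface GigabitEthernet 1/0/1
[Sysname-GigabitEthernet1/0/1] dot1x
[Sysname-GigabitEthernet1/0/1] quit
# Confirm the rule is present and check the 802.1x state of the port.
[Sysname] display acl 3000
[Sysname] display dot1x interface GigabitEthernet 1/0/1
```

If ACL 3000 is missing or empty on the device when the server assigns it, the restriction on 10.0.0.1 has nothing to enforce, so check the ACL with display acl 3000 before testing a login.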
Chapter 1 802.1x Configuration
