Guest Vlan Configuration Example - 3Com MSR 50 Series Configuration Manual

1746 C 92: 802.1
HAPTER
Guest VLAN
Configuration
Example
C
X ONFIGURATION
[Sysname] domain default enable aabbcc.net
[Sysname] domain aabbcc.net
# Set radius1 as the RADIUS scheme for users of the domain and specify to use
local authentication as the secondary scheme.
[Sysname-isp-aabbcc.net] authentication default radius-scheme radius1 local
[Sysname-isp-aabbcc.net] authorization default radius-scheme radius1 local
[Sysname-isp-aabbcc.net] accounting default radius-scheme radius1 local
# Set the maximum number of users for the domain as 30.
[Sysname-isp-aabbcc.net] access-limit enable 30
# Enable the idle cut function and set the idle cut interval.
[Sysname-isp-aabbcc.net] idle-cut enable 20
[Sysname-isp-aabbcc.net] quit
# Configure aabbcc.net as the default domain.
[Sysname] domain default enable aabbcc.net
# Enable 802.1x globally.
<Sysname> system-view
[Sysname] dot1x
# Enable 802.1x for port Ethernet 1/1.
[Sysname] interface ethernet 1/1
[Sysname-Ethernet1/1] dot1x
[Sysname-Ethernet1/1] quit
# Set the port access control method. (Optional. The default answers the
requirement.)
[Sysname] dot1x port-method macbased interface ethernet 1/1
Network requirements
As shown in Figure
A host is connected to port Ethernet 1/1 of the router and must pass 802.1x
■
authentication to access the Internet.
The authentication server runs RADIUS and is in VLAN2.
■
The update server, which is in VLAN10, is for client software download and
■
upgrade.
Port Ethernet 1/2 of the router, which is in VLAN5, is for accessing the Internet.
■
As shown in Figure
On port Ethernet 1/1, enable 802.1x and set VLAN 10 as the guest VLAN.
■
As shown in Figure
508:
509:
510: