# Configure the domain name of the HWTACACS scheme to hwtac.
[Sysname] domain hwtacacs
[Sysname-isp-hwtacacs] scheme hwtacacs-scheme hwtac
Auto VLAN Configuration Example
Network requirements
As shown in
Figure
authenticate users. After a user passes the authentication on a port, the RADIUS server issues a VLAN
list to the switch, which assigns the authentication port to a VLAN that the IP phone needs to access.
After that, the IP phone can access the network. The access control mode is port-based.
All users belong to ISP domain abc; the RADIUS scheme is bbb;
The RADIUS server is connected to Switch; the IP address of the RADIUS server is 1.1.1.1.
The shared key used when Switch and the RADIUS server exchange packets is hello.
Network diagram
Figure 33-5 Network diagram for Auto VLAN configuration
Configuration procedure
Configuration on the RADIUS server
The configuration may vary on different RADIUS servers. Configure VLAN lists on the RADIUS server
by referring to
Configuring dynamic VLAN list
Configuration on 802.1x clients
The configuration may vary on different 802.1x clients. Configure 802.1x clients by referring to related
802.1x client configuration guides.
Configuration on the authentication switch
<Switch> system-view
# Configure the authentication scheme.
[Switch] radius scheme bbb
[Switch-radius-bbb] primary authentication 1.1.1.1
[Switch-radius-bbb] key authentication hello
[Switch-radius-bbb] primary accounting 1.1.1.1
[Switch-radius-bbb] key accounting hello
33-5, use 802.1X authentication on Ethernet 1/0/1 and Ethernet 1/0/2 to
assignment.
33-33