Configuration procedure – H3C Technologies H3C S7500E Series Switches User Manual

5-28

z

A host is connected to port GigabitEthernet2/0/2 of the device and must pass 802.1X

authentication to access the Internet. GigabitEthernet2/0/2 is in VLAN 1.

z

The authentication server runs RADIUS and is in VLAN 2.

z

The update server, which is in VLAN 10, is for client software download and upgrade.

z

Port GigabitEthernet2/0/3 of the device, which is in VLAN 5, is for accessing the Internet.

z

If no client accesses the port or no user passes authentication on the port within a period of

time (90 seconds by default), the device adds port GigabitEthernet2/0/2 to its guest VLAN.

In this case, the host and the update server are both in VLAN 10 and the host can access

the update server and download the 802.1X client software.

z

After the host passes the authentication and logs on, the host is added to VLAN 5. In this

case, the host and GigabitEthernet2/0/3 are both in VLAN 5 and the host can access the

Internet.

Figure 5-10 Network diagram for 802.1X with guest VLAN and VLAN assignment configuration

Configuration procedure

The following configuration procedure covers most AAA/RADIUS configuration commands for

the device, while configuration on the 802.1X client and RADIUS server are omitted. For

information about AAA/RADIUS configuration commands, see AAA/RADIUS Configuration

Commands in the Security Command Reference.