802.1X with ACL Assignment Configuration Example, Network requirements – H3C Technologies H3C S7500E Series Switches User Manual

# Configure RADIUS scheme 2000.

<Device> system-view

[Device] radius scheme 2000

[Device-radius-2000] primary authentication 10.11.1.1 1812

[Device-radius-2000] primary accounting 10.11.1.1 1813

[Device-radius-2000] key authentication abc

[Device-radius-2000] key accounting abc

[Device-radius-2000] user-name-format without-domain

[Device-radius-2000] quit

# Configure authentication domain system and specify to use RADIUS scheme 2000 for authentication, authorization, and accounting of users of the domain.

[Device] domain system

[Device-isp-system] authentication default radius-scheme 2000

[Device-isp-system] authorization default radius-scheme 2000

[Device-isp-system] accounting default radius-scheme 2000

[Device-isp-system] quit

# Enable 802.1X globally.

[Device] dot1x

# Enable 802.1X for port GigabitEthernet 2/0/2.

[Device] interface gigabitethernet 2/0/2

[Device-GigabitEthernet2/0/2] dot1x

# Set the port access control method to portbased.

[Device-GigabitEthernet2/0/2] dot1x port-method portbased

# Set the port authorization mode to auto.

[Device-GigabitEthernet2/0/2] dot1x port-control auto

[Device-GigabitEthernet2/0/2] quit

# Create VLAN 10.

[Device] vlan 10

[Device-vlan10] quit

# Specify port GigabitEthernet 2/0/2 to use VLAN 10 as its guest VLAN.

[Device] dot1x guest-vlan 10 interface gigabitethernet 2/0/2

You can use the display dot1x interface gigabitethernet 2/0/2 command to view your guest VLAN configuration on GigabitEthernet 2/0/2. If no client accesses the port or no user passes authentication on the port within a specified period of time, use the display vlan 10 command to verify whether GigabitEthernet 2/0/2 is added to the configured guest VLAN.

After a user passes the authentication successfully, you can use the display interface gigabitethernet 2/0/2 command to verify that port GigabitEthernet 2/0/2 has been added to the assigned VLAN 5.
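The following Python check is an added example, not part of the H3C manual: it reads a pasted configuration session in the prompt format shown above and reports RADIUS shared keys below a length threshold, a domain that references an undefined RADIUS scheme, a guest VLAN that was never created, and a guest-VLAN port without 802.1X enabled. The function name `audit`, the `MIN_KEY_LEN` threshold and the embedded session text (constructed from the commands above) are assumptions made for illustration.

```python
import re

MIN_KEY_LEN = 16  # assumption: local policy for RADIUS shared-secret length

# Constructed input: commands from the example above, prompts included.
SESSION = """\
[Device] radius scheme 2000
[Device-radius-2000] primary authentication 10.11.1.1 1812
[Device-radius-2000] key authentication abc
[Device-radius-2000] key accounting abc
[Device] domain system
[Device-isp-system] authentication default radius-scheme 2000
[Device] dot1x
[Device] interface gigabitethernet 2/0/2
[Device-GigabitEthernet2/0/2] dot1x
[Device] vlan 10
[Device] dot1x guest-vlan 10 interface gigabitethernet 2/0/2
"""

def audit(session, min_key_len=MIN_KEY_LEN):
    """Return a sorted list of findings for a pasted configuration session."""
    schemes, vlans, enabled, used, guest, findings = set(), set(), set(), set(), [], []
    for line in session.splitlines():
        # The prompt suffix after "Device-" names the current view.
        m = re.match(r"\[Device(?:-([^\]]+))?\]\s+(.+)", line.strip())
        if not m:
            continue
        view, cmd = m.group(1) or "", m.group(2).strip()
        if m2 := re.fullmatch(r"radius scheme (\S+)", cmd):
            schemes.add(m2.group(1))
        elif m2 := re.fullmatch(r"key (authentication|accounting) (\S+)", cmd):
            if len(m2.group(2)) < min_key_len:
                findings.append(f"{view}: {m2.group(1)} key shorter than {min_key_len} characters")
        elif m2 := re.search(r"radius-scheme (\S+)$", cmd):
            used.add(m2.group(1))
        elif m2 := re.fullmatch(r"vlan (\d+)", cmd):
            vlans.add(m2.group(1))
        elif cmd == "dot1x":
            enabled.add(view.lower())  # "" is system view, i.e. global 802.1X
        elif m2 := re.fullmatch(r"dot1x guest-vlan (\d+) interface (\S+) (\S+)", cmd):
            guest.append((m2.group(1), (m2.group(2) + m2.group(3)).lower()))
    findings += [f"domain references undefined RADIUS scheme {s}" for s in used - schemes]
    for vlan, port in guest:
        if vlan not in vlans:
            findings.append(f"guest VLAN {vlan} is not created")
        if "" not in enabled or port not in enabled:
            findings.append(f"802.1X is not enabled globally and on {port}")
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit(SESSION)))
```

Run against the session above, the only findings are the two three-character `abc` keys, which stand in for a real shared secret in the manual's example.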

802.1X with ACL Assignment Configuration Example

Network requirements

As shown in Figure 5-11, a host is connected to port GigabitEthernet 2/0/1 of the device and must pass 802.1X authentication to access the Internet.

• Configure the RADIUS server to assign ACL 3000.

• Enable 802.1X authentication on port GigabitEthernet 2/0/1 of the device, and configure ACL 3000.