beautypg.com

Configuring quick ead deployment, Configuration prerequisites, Configuration procedure – H3C Technologies H3C S3600 Series Switches User Manual

Page 496: Configuring a free ip range, Setting the acl timeout period

background image

2-2

Configuring Quick EAD Deployment

Configuration Prerequisites

z

Enable 802.1x on the switch.

z

Set the access mode to auto for 802.1x-enabled ports.

Configuration Procedure

Configuring a free IP range

A free IP range is an IP range that users can access before passing 802.1x authentication.

Follow these steps to configure a free IP range:

To do...

Use the command...

Remarks

Enter system view

system-view

Configure the URL for HTTP
redirection

dot1x url url-string

Required

Configure a free IP range

dot1x free-ip ip-address
{ mask-address | mask-length }

Required

By default, no free IP range is
configured.

z

You must configure the URL for HTTP redirection before configuring a free IP range. A URL must

start with http:// and the segment where the URL resides must be in the free IP range. Otherwise,

the redirection function cannot take effect.

z

You must disable the DHCP-triggered authentication function of 802.1x before configuring a free IP

range.

z

With dot1x enabled but quick EAD deployment disabled, users cannot access the DHCP server if

they fail 802.1x authentication. With quick EAD deployment enabled, users can obtain IP

addresses dynamically before passing authentication if the IP address of the DHCP server is in the

free IP range.

z

The quick EAD deployment function applies to only ports with the access control mode set to auto

through the dot1x port-control command.

z

At present, 802.1x is the only access approach that supports quick EAD deployment.

z

Currently, the quick EAD deployment function does not support port security. The configured free

IP range cannot take effect if you enable port security.

z

The quick EAD deployment function and the MAC address authentication function are mutually

exclusive. You cannot configure both the functions on the switch.

Setting the ACL timeout period

The quick EAD deployment function depends on ACLs in restricting access of users failing

authentication. Each online user that has not passed authentication occupies a certain amount of ACL

resources. After a user passes authentication, the occupied ACL resources will be released. When a

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: