R3303-HP HSR6800 Routers Security Configuration Guide

# Create an ISP domain and specify RADIUS scheme 2000 as the default AAA scheme for the
domain.
[Router] domain 2000
[Router-isp-2000] authentication default radius-scheme 2000
[Router-isp-2000] authorization default radius-scheme 2000
[Router-isp-2000] accounting default radius-scheme 2000
[Router-isp-2000] quit
# Configure a time range named ftp that covers 8:00 to 18:00 on weekdays.
[Router] time-range ftp 8:00 to 18:00 working-day
# Configure ACL 3000 to deny packets destined for the FTP server at 10.0.0.1 on weekdays
during business hours.
[Router] acl number 3000
[Router-acl-adv-3000] rule 0 deny ip destination 10.0.0.1 0 time-range ftp
[Router-acl-adv-3000] quit
# Enable 802.1X globally.
[Router] dot1x
# Enable 802.1X on port GigabitEthernet 3/0/1.
[Router] interface gigabitethernet 3/0/1
[Router-GigabitEthernet3/0/1] dot1x
Verifying the configuration
# Use the user account to pass authentication, and then ping the FTP server on any weekday during
business hours.
C:\>ping 10.0.0.1
Pinging 10.0.0.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 10.0.0.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
The output shows that ACL 3000 has taken effect on the user, and the user cannot access the FTP server.
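The ping above only checks the deny case. The following Python model of rule 0 and time range ftp is an added example, not part of the HP guide; it predicts the result for other times and destinations. The function names are hypothetical, and two behaviors are assumptions: the end of the range (18:00) is treated as exclusive, and a packet that matches no active rule is permitted.

```python
import ipaddress
from datetime import datetime, time

# Values taken from the configuration above.
# "working-day" is modeled as Monday (0) through Friday (4).
TIME_RANGE_FTP = {"start": time(8, 0), "end": time(18, 0), "days": range(0, 5)}
# "destination 10.0.0.1 0": wildcard 0 is shorthand for 0.0.0.0 (host match).
RULE_0 = {"action": "deny", "dest": "10.0.0.1", "wildcard": "0.0.0.0"}


def wildcard_match(addr: str, base: str, wildcard: str) -> bool:
    """ACL wildcard match: bits set to 1 in the wildcard are ignored."""
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (a & care) == (b & care)


def time_range_active(when: datetime, tr=TIME_RANGE_FTP) -> bool:
    """True when `when` falls inside the periodic range.
    Assumption: 8:00 is included and 18:00 is not."""
    in_day = when.weekday() in tr["days"]
    return in_day and tr["start"] <= when.time() < tr["end"]


def evaluate(dest: str, when: datetime) -> str:
    """Return 'deny' or 'permit' for a packet to `dest` at `when`.
    Assumption: a packet matching no active rule is permitted."""
    if time_range_active(when) and wildcard_match(
        dest, RULE_0["dest"], RULE_0["wildcard"]
    ):
        return RULE_0["action"]
    return "permit"


if __name__ == "__main__":
    # Constructed test points (2024-01-03 is a Wednesday, 2024-01-06 a Saturday).
    samples = [
        ("10.0.0.1", datetime(2024, 1, 3, 10, 0)),  # weekday, business hours
        ("10.0.0.1", datetime(2024, 1, 3, 19, 0)),  # weekday, after hours
        ("10.0.0.1", datetime(2024, 1, 6, 10, 0)),  # weekend
        ("10.0.0.2", datetime(2024, 1, 3, 10, 0)),  # different host
    ]
    for dest, when in samples:
        print(f"{when:%a %H:%M} -> {dest}: {evaluate(dest, when)}")
```

The router evaluates the time range against its own system clock, so confirm the device time and time zone before relying on the schedule.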