R3303-HP HSR6800 Routers Security Configuration Guide
106
If you use free IP, guest VLAN, and Auth-Fail VLAN features together, make sure that the free IP segments
are in both guest VLAN and Auth-Fail VLAN. Users can access only the free IP segments.
To configure a free IP:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Configure a free IP.
dot1x free-ip ip-address
{ mask-address | mask-length }
By default, no free IP is configured.
Configuring the redirect URL
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Configure the redirect
URL.
dot1x url url-string
By default, no redirect URL is configured.
The redirect URL must be on the free IP subnet.
Setting the EAD rule timer
EAD fast deployment automatically creates an ACL-based EAD rule to open access to the redirect URL for
each redirected user seeking to access the network. EAD rules are implemented by using ACL resources.
The EAD rule timer sets the lifetime of each ACL rule. When the timer expires or the user passes
authentication, the rule is removed. If users fail to download EAD client or fail to pass authentication
before the timer expires, they must reconnect to the network to access the free IP.
To prevent ACL rule resources from being used up, you can shorten the timer when the amount of EAD
users is large.
To set the EAD rule timer:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Set the EAD rule timer.
dot1x timer ead-timeout
ead-timeout-value
The default timer is 30 minutes.
Displaying and maintaining EAD fast deployment
Task Command
Remarks
Display 802.1X session
information, statistics, or
configuration information.
display dot1x [ sessions | statistics ]
[ interface interface-list ] [ | { begin |
exclude | include } regular-expression ]
Available in any view.