R2511-HP MSR Router Series Security Configuration Guide(V5)
106
Figure 42 Network diagram
Configuration procedure
The following configuration procedure covers most AAA/RADIUS configuration commands on the
device. The configuration on the 802.1X client and RADIUS server are not shown. For more information
about AAA/RADIUS configuration commands, see Security Command Reference.
1. Make sure the 802.1X client can update its IP address after the access port is assigned to the guest
VLAN or a server-assigned VLAN. (Details not shown.)
2. Configure the RADIUS server to provide authentication, authorization, and accounting services.
Configure user accounts and server-assigned VLAN, VLAN 5 in this example. (Details not shown.)
3. Create VLANs, and assign ports to the VLANs:
<Device> system-view
[Device] vlan 1
[Device-vlan1] port ethernet 1/2
[Device-vlan1] quit
[Device] vlan 10
[Device-vlan10] port ethernet 1/1
[Device-vlan10] quit
[Device] vlan 2
[Device-vlan2] port ethernet 1/4
[Device-vlan2] quit
[Device] vlan 5
[Device-vlan5] port ethernet 1/3
[Device-vlan5] quit
Internet
Update server Authentication server
Host
VLAN 10
Eth1/1
VLAN 10
Eth1/2
VLAN 5
Eth1/3
VLAN 2
Eth1/4
Device
Internet
Update server Authentication server
Host
VLAN 10
Eth1/1
VLAN 1
Eth1/2
VLAN 5
Eth1/3
VLAN 2
Eth1/4
Device
Internet
Update server Authentication server
Host
VLAN 10
Eth1/1
VLAN 5
Eth1/2
VLAN 5
Eth1/3
VLAN 2
Eth1/4
Device
Port added to the
guest VLAN
User gets
online