R0106-HP MSR Router Series Security Configuration Guide(V7)
95
Verifying the configuration
# Use the display dot1x interface command to verify the 802.1X configuration on GigabitEthernet 2/1/1.
(Details not shown.)
# After an 802.1X user passes authentication, use the display dot1x sessions command to display the
user connection information. (Details not shown.)
802.1X guest VLAN and authorization VLAN configuration
example
Network requirements
As shown in Figure 34, use RADIUS servers to perform authentication, authorization, and accounting for
802.1X users who connect to GigabitEthernet 2/1/2. Implement port-based access control on the port.
If no user performs 802.1X authentication on GigabitEthernet 2/1/2 within a period of time, the device
adds GigabitEthernet 2/1/2 to the guest VLAN, VLAN 10. The host and the update server are both in
VLAN 10 and the host can access the update server and download the 802.1X client software.
After the host passes 802.1X authentication, the access device assigns the host to VLAN 5 where
GigabitEthernet 2/1/3 is. The host can access the Internet.
Figure 34 Network diagram
Configuration procedure
1. Configure the 802.1X client. Make sure the 802.1X client can update its IP address after the
access port is assigned to the guest VLAN or an authorization VLAN. (Details not shown.)