R0106-HP MSR Router Series Security Configuration Guide(V7)

[Device] interface gigabitethernet 2/1/2

[Device-GigabitEthernet2/1/2] dot1x

# Implement port-based access control on the port.

[Device-GigabitEthernet2/1/2] dot1x port-method portbased

# Set the port authorization mode to auto. By default, the port uses the auto mode.

[Device-GigabitEthernet2/1/2] dot1x port-control auto

# Set VLAN 10 as the 802.1X guest VLAN on port GigabitEthernet 2/1/2.

[Device-GigabitEthernet2/1/2] dot1x guest-vlan 10

[Device-GigabitEthernet2/1/2] quit

# Enable 802.1X globally.

[Device] dot1x

Verifying the configuration

# Use the display dot1x interface command to verify the 802.1X guest VLAN configuration on

GigabitEthernet 2/1/2. (Details not shown.)

# Use the display vlan command to verify that GigabitEthernet 2/1/2 is assigned to VLAN 10 when no

user passes authentication on the port. (Details not shown.)

# After a user passes authentication, use the display interface command to verity that GigabitEthernet

2/1/2 is assigned to VLAN 5. (Details not shown.)

802.1X SmartOn configuration example

Network requirements

As shown in Figure 35, configure the SmartOn feature on GigabitEthernet 2/1/1 so that the host must

pass SmartOn authentication before 802.1X authentication.

Set the SmartOn password to 1234 in plain text and switch ID to XYZ. Set the SmartOn client timeout

timer to 40 seconds.

Figure 35 Network diagram

Configuration procedure

1. Configure a RADIUS scheme:

# Create RADIUS scheme 2000 and enter RADIUS scheme view.

<Device> system-view

[Device] radius scheme 2000