H3C S7500E Series Ethernet Switches Operation Manual
Operation Manual – 802.1x - MAC Authentication
H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration
1-20
# Set radius1 as the RADIUS scheme for users of the domain and specify to use local
authentication as the secondary scheme.
[Sysname-isp-aabbcc.net] authentication default radius-scheme radius1 local
[Sysname-isp-aabbcc.net] authorization default radius-scheme radius1 local
[Sysname-isp-aabbcc.net] accounting default radius-scheme radius1 local
# Set the maximum number of users for the domain as 30.
[Sysname-isp-aabbcc.net] access-limit enable 30
# Enable the idle cut function and set the idle cut interval.
[Sysname-isp-aabbcc.net] idle-cut enable 20
[Sysname-isp-aabbcc.net] quit
# Configure aabbcc.net as the default domain.
[Sysname] domain default enable aabbcc.net
# Enable 802.1x globally.
[Sysname] dot1x
# Enable 802.1x for port Ethernet 2/0/1.
[Sysname] interface Ethernet2/0/1
[Sysname-Ethernet2/0/1] dot1x
[Sysname-Ethernet2/0/1] quit
# Set the port access control method. (Optional. The default answers the requirement.)
[Sysname] dot1x port-method macbased interface Ethernet2/0/1
1.6 Guest VLAN Configuration Example
I. Network requirements
As shown in Figure 1-11:
z A host is connected to port Ethernet 2/0/1 of the switch and must pass 802.1x
authentication to access the Internet.
z The authentication server run RADIUS and is in VLAN 2.
z The update server, which is in VLAN 10, is for client software download and
upgrade.
z Port Ethernet 2/0/2 of the switch, which is in VLAN 5, is for accessing the Internet.
As shown in
Figure 1-12:
z On port Ethernet 2/0/1, enable 802.1x and set VLAN 10 as the guest VLAN.
As shown in
Figure 1-13:
z Authenticated supplicants are assigned to VLAN 5 and permitted to access the
Internet.