Manualshelf

H3C S7500E Series Ethernet Switches Operation Manual

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module
821822823824825826827828829830
Operation Manual – 802.1x - MAC Authentication
H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration
1-23
[Sysname-Ethernet2/0/1] dot1x port-method portbased
# Set the port access control mode to auto.
[Sysname-Ethernet2/0/1] dot1x port-control auto
[Sysname-Ethernet2/0/1] quit
# Create VLAN 10.
[Sysname] vlan 10
[Sysname-vlan10] quit
# Specify port Ethernet 2/0/1 to use VLAN 10 as its guest VLAN.
[Sysname] dot1x guest-vlan 10 interface Ethernet 2/0/1
You can use the display current-configuration or display interface ethernet
Ethernet 2/0/1 command to view your configuration. You can also use the display vlan
10 command in the following cases to verify whether the configured guest VLAN
functions:
z When no users log in.
z When a user fails the authentication.
z When a user goes offline.
1.7 ACL Assigning Configuration Example
I. Network requirements
As shown in Figure 1-14, a host is connected to port Ethernet 2/0/1 of the switch and
must pass 802.1x authentication to access the Internet.
z Configure the RADIUS server to assign ACL 3000.
z Enable 802.1x authentication on port Ethernet 2/0/1 of the switch, and configure
ACL 3000.
After the host passes 802.1x authentication, the RADIUS server assigns ACL 3000 to
port Ethernet 2/0/1. As a result, the host can access the Internet but cannot access the
FTP server, whose IP address is 10.0.0.1.