109
NOTE:
In addition to the configuration on the access device, complete the following tasks:
• Configure the DHCP server so that the host can obtain an IP address on the segment of 192.168.1.0/24.
• Configure the web server so that users can log in to the web page to download 802.1X clients.
• Configure the authentication server to provide authentication, authorization, and accounting services.
Configuration procedure
1. Configure an IP address for each interface. (Details not shown)
2. Configure DHCP relay.
# Enable DHCP.
<Device> system-view
[Device] dhcp enable
# Configure a DHCP server for a DHCP server group.
[Device] dhcp relay server-group 1 ip 192.168.2.2
# Enable the relay agent VLAN interface 2.
[Device] interface vlan-interface 2
[Device-Vlan-interface2] dhcp select relay
# Correlate VLAN interface 2 to the DHCP server group.
[Device-Vlan-interface2] dhcp relay server-select 1
[Device-Vlan-interface2] quit
3. Configure a RADIUS scheme and an ISP domain.
For more information about configuration procedure, see the chapter “802.1X configuration.”
4. Configure 802.1X.
# Configure the free IP.
[Device] dot1x free-ip 192.168.2.0 24
# Configure the redirect URL for client software download.
[Device] dot1x url http://192.168.2.3
# Enable 802.1X globally.
[Device] dot1x
# Enable 802.1X on the port.
[Device] interface ethernet 1/0/1
[Device-Ethernet1/0/1] dot1x
Verifying the configuration
Use the display dot1x command to display the 802.1X configuration. After the host obtains an IP address
from a DHCP server, use the ping command from the host to ping an IP address on the network segment
specified by free IP.
C:\>ping 192.168.2.3
Pinging 192.168.2.3 with 32 bytes of data:
Reply from 192.168.2.3: bytes=32 time<1ms TTL=128
Reply from 192.168.2.3: bytes=32 time<1ms TTL=128
To Next Page
Loading...
Need help?
General