[Device-Ten-GigabitEthernet1/0/2] dot1x port-control auto
# Set VLAN 10 as the 802.1X guest VLAN on port Ten-GigabitEthernet 1/0/2.
[Device-Ten-GigabitEthernet1/0/2] dot1x guest-vlan 10
[Device-Ten-GigabitEthernet1/0/2] quit
# Enable 802.1X globally.
[Device] dot1x
Verifying the configuration
# Verify the 802.1X guest VLAN configuration on Ten-GigabitEthernet 1/0/2.
[Device] display dot1x interface ten-gigabitethernet 1/0/2
# Verify that Ten-GigabitEthernet 1/0/2 is assigned to VLAN 10 when no user passes authentication on the port.
[Device] display vlan 10
# After a user passes authentication, display information on Ten-GigabitEthernet 1/0/2. Verify that Ten-GigabitEthernet 1/0/2 is assigned to VLAN 5.
[Device] display interface ten-gigabitethernet 1/0/2
802.1X with ACL assignment configuration example
Network requirements
As shown in Figure 32, the host that connects to Ten-GigabitEthernet 1/0/1 must pass 802.1X
authentication to access the Internet.
Perform 802.1X authentication on Ten-GigabitEthernet 1/0/1. Use the RADIUS server at 10.1.1.1 as the
authentication and authorization server, and the RADIUS server at 10.1.1.2 as the accounting server.
Configure ACL assignment on Ten-GigabitEthernet 1/0/1 to deny access of 802.1X users to the FTP
server from 8:00 to 18:00 on weekdays.
Figure 32 Network diagram
Configuration procedure
1. Configure the 802.1X client. Make sure the client is able to update its IP address after the access
port is assigned to the 802.1X guest VLAN or an authorization VLAN. (Details not shown.)
2. Configure the RADIUS servers to provide authentication, authorization, and accounting services.
Add user accounts and specify the ACL (ACL 3000 in this example) for the users. (Details not shown.)