ACL Assignment Configuration Example 735
[Sysname-GigabitGigabitEthernet1/0/1] dot1x port-control auto
[Sysname-GigabitGigabitEthernet1/0/1] quit
# Create VLAN 10.
[Sysname] vlan 10
[Sysname-vlan10] quit
# Specify port GigabitEthernet 1/0/1 to use VLAN 10 as its guest VLAN.
[Sysname] dot1x guest-vlan 10 interface GigabitEthernet 1/0/1
You can use the display current-configuration or display interface
GigabitEthernet 1/0/1 command to view your configuration. You can also use
the display vlan 10 command in the following cases to verify whether the
configured guest VLAN functions:
■ When no users log in.
■ When a user fails the authentication.
■ When a user goes offline.
ACL Assignment
Configuration
Example
Network requirements
As shown in Figure 223, a host is connected to port GigabitEthernet1/0/1 of the
device and must pass 802.1x authentication to access the Internet.
■ Configure the RADIUS server to assign ACL 3000.
■ Enable 802.1x authentication on GigabitEthernet1/0/1 of the device, and
configure ACL 3000.
After the host passes 802.1x authentication, the RADIUS server assigns ACL 3000
to GigabitEthernet1/0/1. As a result, the host can access the Internet but cannot
access the FTP server, whose IP address is 10.0.0.1.
Network diagram
Figure 223 Network diagram for ACL assignment
Configuration procedure
# Configure the IP addresses of the interfaces. (Omitted)
# Configure the RADIUS scheme.
Internet
SwitchHost
Authentication servers
(RADIUS server cluster)
192.168.1.10
GE1/0/1
192.168.1.1/24
GE1/0/2
192.168.1.2/24
FTP serve
10.0.0.1
10.1.1.1
10.1.1.2
To Next Page
Loading...
