EasyManuals Logo

H3C S5120-SI Series Configuration Guide

H3C S5120-SI Series
745 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Page #402 background imageLoading...
Page #402 background image
1-24
[Switch-radius-2000] primary authentication 10.11.1.1 1812
[Switch-radius-2000] primary accounting 10.11.1.1 1813
[Switch-radius-2000] key authentication abc
[Switch-radius-2000] key accounting abc
[Switch-radius-2000] user-name-format without-domain
[Switch-radius-2000] quit
# Configure authentication domain system and specify to use RADIUS scheme 2000 for users of the
domain.
[Switch] domain system
[Switch-isp-system] authentication default radius-scheme 2000
[Switch-isp-system] authorization default radius-scheme 2000
[Switch-isp-system] accounting default radius-scheme 2000
[Switch-isp-system] quit
# Enable 802.1X globally.
[Switch] dot1x
# Enable 802.1X for port GigabitEthernet 1/0/2.
[Switch] interface gigabitethernet 1/0/2
[Switch-GigabitEthernet1/0/2] dot1x
# Set the port access control method to portbased.
[Switch-GigabitEthernet1/0/2] dot1x port-method portbased
# Set the port authorization mode to auto.
[Switch-GigabitEthernet1/0/2] dot1x port-control auto
[Switch-GigabitEthernet1/0/2] quit
# Create VLAN 10.
[Switch] vlan 10
[Switch-vlan10] quit
# Specify port GigabitEthernet 1/0/2 to use VLAN 10 as its guest VLAN.
[Switch] dot1x guest-vlan 10 interface gigabitethernet 1/0/2
You can use the display current-configuration or display interface gigabitethernet 1/0/2 command
to view your configuration. You can also use the display vlan 10 command to verify whether the
configured guest VLAN functions normally when the device sends authentication triggering packets
(EAP-Request/Identity) for more than the specified number of times in the following cases:
z When no users log in.
z When a user goes offline.
After a user passes the authentication successfully, you can use the display interface gigabitethernet
1/0/2 command to verity that port GigabitEthernet 1/0/2 has been added to the assigned VLAN 5.
ACL Assignment Configuration Example
Network requirements
As shown in Figure 1-14, a host is connected to port GigabitEthernet 1/0/1 of the device and must pass
802.1X authentication to access the Internet.

Table of Contents

Other manuals for H3C S5120-SI Series

Preview: Operation Manual
Operation Manual697 pages
Preview: Command Reference
Command Reference910 pages
Preview: Installation Manual
Installation Manual70 pages
Preview: Quick Start Guide
Quick Start Guide4 pages

Questions and Answers:

Question and Answer IconNeed help?

Do you have a question about the H3C S5120-SI Series and is the answer not in the manual?

H3C S5120-SI Series Specifications

General IconGeneral
BrandH3C
ModelS5120-SI Series
CategorySwitch
LanguageEnglish

Related product manuals