1. Configure the RADIUS server, and make sure the authentication, authorization, and accounting
functions work normally. In this example, configure on the RADIUS server an 802.1X user (with
username userdot), a portal user (with username userpt), a MAC authentication user (with a
username and password both being the MAC address of the printer 001588f80dd7), and an
authorized VLAN (VLAN 3).
2. Configure PKI domain pkidm and acquire the local and CA certificates. For more information, see
the chapter “PKI configuration.”
3. Complete the editing of a self-defined default authentication page file, compress the file to a zip
file named defaultfile and save the zip file at the root directory.
4. Configure DHCP.
# Configure VLANs and IP addresses for the VLAN interfaces, and add ports to specific VLANs. (Details
not shown)
# Enable DHCP.
<Switch> system-view
[Switch] dhcp enable
# Exclude the IP address of the update server from assignment.
[Switch] dhcp server forbidden-ip 2.2.2.2
# Configure IP address pool 1, including the address range, lease and gateway address. A short lease
is recommended to shorten the time terminals use to re-acquire IP addresses after the terminals pass
or fail authentication.
[Switch] dhcp server ip-pool 1
[Switch-dhcp-pool-1] network 192.168.1.0 mask 255.255.255.0
[Switch-dhcp-pool-1] expired day 0 hour 0 minute 1
[Switch-dhcp-pool-1] gateway-list 192.168.1.1
[Switch-dhcp-pool-1] quit
NOTE:
A short lease is recommended to shorten the time that terminals use to re-acquire IP addresses after
passing or failing authentication. However, in some applications, a terminal can require a new IP
address before the lease duration expires. For example, the iNode 802.1X client automatically renews
its IP address after disconnecting from the server.
# Configure IP address pool 2, including the address range, lease and gateway address. A short lease
is recommended to shorten the time terminals use to re-acquire IP addresses after the terminals pass
authentication.
[Switch] dhcp server ip-pool 2
[Switch-dhcp-pool-2] network 2.2.2.0 mask 255.255.255.0
[Switch-dhcp-pool-2] expired day 0 hour 0 minute 1
[Switch-dhcp-pool-2] gateway-list 2.2.2.1
[Switch-dhcp-pool-2] quit
# Configure IP address pool 3, including the address range, lease and gateway address. A short lease
is recommended to shorten the time terminals use to re-acquire IP addresses after the terminals are
offline.
[Switch] dhcp server ip-pool 3
[Switch-dhcp-pool-3] network 3.3.3.0 mask 255.255.255.0
[Switch-dhcp-pool-3] expired day 0 hour 0 minute 1
[Switch-dhcp-pool-3] gateway-list 3.3.3.1
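
The following Python script is an added example, not part of the original guide. It parses the DHCP commands from step 4 and checks that each gateway lies inside its pool's network, that each lease is short, and that the excluded update server address falls inside a configured pool. The function name audit and the 300-second lease ceiling are assumptions made for this example.

```python
import ipaddress

# DHCP commands from the steps above, prompts included (input for this example).
CONFIG = """\
[Switch] dhcp server forbidden-ip 2.2.2.2
[Switch] dhcp server ip-pool 1
[Switch-dhcp-pool-1] network 192.168.1.0 mask 255.255.255.0
[Switch-dhcp-pool-1] expired day 0 hour 0 minute 1
[Switch-dhcp-pool-1] gateway-list 192.168.1.1
[Switch-dhcp-pool-1] quit
[Switch] dhcp server ip-pool 2
[Switch-dhcp-pool-2] network 2.2.2.0 mask 255.255.255.0
[Switch-dhcp-pool-2] expired day 0 hour 0 minute 1
[Switch-dhcp-pool-2] gateway-list 2.2.2.1
[Switch-dhcp-pool-2] quit
[Switch] dhcp server ip-pool 3
[Switch-dhcp-pool-3] network 3.3.3.0 mask 255.255.255.0
[Switch-dhcp-pool-3] expired day 0 hour 0 minute 1
[Switch-dhcp-pool-3] gateway-list 3.3.3.1
"""

def audit(config, max_lease_s=300):  # 300 s ceiling is an assumed threshold
    """Return findings for the pools; raises KeyError on an incomplete pool."""
    pools, forbidden, cur, findings = {}, [], None, []
    for line in config.splitlines():
        w = line.split("]")[-1].split()  # drop the "[Switch...]" prompt
        if w[:3] == ["dhcp", "server", "ip-pool"]:
            cur = pools.setdefault(w[3], {})
        elif w[:3] == ["dhcp", "server", "forbidden-ip"]:
            forbidden.append(ipaddress.ip_address(w[3]))
        elif w[:1] == ["quit"]:
            cur = None  # back in system view
        elif cur is not None and w:
            cur[w[0]] = w[1:]  # e.g. "network" -> [address, "mask", mask]
    nets = []
    for name, p in pools.items():
        net = ipaddress.ip_network("/".join(p["network"][::2]))
        gw = ipaddress.ip_address(p["gateway-list"][0])
        d, h, m = (int(x) for x in p["expired"][1::2])  # day D hour H minute M
        lease_s = ((d * 24 + h) * 60 + m) * 60
        nets.append(net)
        if gw not in net:
            findings.append(f"pool {name}: gateway {gw} is outside {net}")
        if lease_s > max_lease_s:
            findings.append(f"pool {name}: lease {lease_s} s exceeds {max_lease_s} s")
    for ip in forbidden:
        if not any(ip in net for net in nets):
            findings.append(f"forbidden-ip {ip} is not inside any pool")
    return findings
```

An empty list from audit(CONFIG) means the three pools are consistent with the values used in this example.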