87
The EAD assistant feature creates an ACL-based EAD rule automatically to open access to the
redirect URL for each redirected user.
EAD rules are implemented by using ACL resources. When the EAD rule timer expires or the user
passes authentication, the rule is removed. If users fail to download EAD client or fail to pass
authentication before the timer expires, they must reconnect to the network to access the free IP.
Redirect URL assignment
The device supports the URL attribute assigned by a RADIUS server when the 802.1X-enabled port
performs MAC-based access control and the port authorization state is auto. During authentication,
an 802.1X user is redirected to the Web interface specified by the server-assigned URL attribute.
After the user passes the Web authentication, the RADIUS server records the MAC address of the
Web user and uses a DM (Disconnect Message) to log off the Web user. When the user initiates
802.1X authentication again, it will pass the authentication and come online successfully.
This feature is exclusive with the EAD assistant feature.
Configuration prerequisites
Before you configure 802.1X, complete the following tasks:
• Configure an ISP domain and AAA scheme (local or RADIUS authentication) for 802.1X users.
• If RADIUS authentication is used, create user accounts on the RADIUS server.
• If local authentication is used, create local user accounts on the access device and set the
service type to lan-access.
802.1X configuration task list
Tasks at a glance
(Required.) Enabling 802.1X
(Required.) Enabling EAP relay or EAP termination
(Optional.) Setting the port authorization state
(Optional.) Specifying an access control method
(Optional.) Setting the maximum number of concurrent 802.1X users on a port
(Optional.) Setting the maximum number of authentication request attempts
(Optional.) Setting the 802.1X authentication timeout timers
(Optional.) Configuring online user handshake
(Optional.) Configuring the authentication trigger feature
(Optional.) Specifying a mandatory authentication domain on a port
(Optional.) Setting the quiet timer
(Optional.) Configuring 802.1X reauthentication
(Optional.) Configuring an 802.1X guest VLAN
(Optional.) Enabling 802.1X guest VLAN assignment delay
(Optional.) Configuring an 802.1X Auth-Fail VLAN
(Optional.) Configuring an 802.1X critical VLAN
To Next Page
Loading...
Need help?
General