EasyManua.ls Logo

HPE FlexFabric 5940 SERIES

HPE FlexFabric 5940 SERIES
571 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
102
To configure the EAD assistant feature:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enable the EAD assistant
feature.
dot1x ead-assistant enable
By default, this feature is disabled.
3. Configure a free IP.
dot1x ead-assistant free-ip
ip-address { mask-address |
mask-length }
By default, no free IPs exist.
4. (Optional.) Configure the
redirect URL.
dot1x ead-assistant url
url-string
By default, no redirect URL exists.
Configure the redirect URL if users will
use Web browsers to access the
network.
5. (Optional.) Set the EAD
rule timer.
dot1x timer ead-timeout
ead-timeout-value
The default setting is 30 minutes.
Displaying and maintaining 802.1X
Execute display commands in any view and reset commands in user view.
Task Command
Display 802.1X session information,
statistics, or configuration information of
specified or all ports.
display
dot1x
[
sessions
|
statistics
] [
interface
interface-type
interface-number ]
Display online 802.1X user information.
display dot1x connection
[
interface
interface-type
interface-number |
slot
slot-number |
user-mac
mac-address |
user-name
name-string ]
Clear 802.1X statistics.
reset
dot1x statistics
[
interface
interface-type
interface-number ]
Remove users from the 802.1X guest
VLAN on a port.
reset dot1x guest-vlan interface
interface-type
interface-number [
mac-address
mac-address ]
802.1X authentication configuration examples
Basic 802.1X authentication configuration example
Network requirements
As shown in Figure 32, the access device performs 802.1X authentication for users that connect to
Ten-GigabitEthernet 1/0/1. Implement MAC-based access control on the port, so the logoff of one
user does not affect other online 802.1X users.
Use RADIUS servers to perform authentication, authorization, and accounting for the 802.1X users.
If RADIUS authentication fails, perform local authentication on the access device.
Configure the RADIUS server at 10.1.1.1/24 as the primary authentication and accounting server,
and the RADIUS server at 10.1.1.2/24 as the secondary authentication and accounting server.
Assign all users to the ISP domain bbb.
Set the shared key to name for packets between the access device and the authentication server.
Set the shared key to money for packets between the access device and the accounting server.

Table of Contents

Other manuals for HPE FlexFabric 5940 SERIES

Related product manuals