100
Ping statistics for 10.0.0.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
The output shows that ACL 3000 is active on the user, and the user cannot access the FTP server.
802.1X with EAD assistant configuration example
Network requirements
As shown in Figure 34:
• The intranet 192.168.1.0/24 is attached to GigabitEthernet 1/0/1 of the access device.
• The hosts use DHCP to obtain IP addresses.
• A DHCP server and a Web server are deployed on the 192.168.2.0/24 subnet for users to
obtain IP addresses and download client software.
Deploy an EAD solution for the intranet to meet the following requirements:
• Allow unauthenticated users and users who have failed 802.1X authentication to access
192.168.2.0/24. The users can obtain IP addresses and download software.
• If these users use a Web browser to access a network other than 192.168.2.0/24, redirect them
to the Web server for 802.1X client downloading.
• Allow authenticated 802.1X users to access the network.
Figure 34 Network diagram
Configuration procedure
1. Make sure the DHCP server, the Web server, and the authentication servers have been
configured correctly. (Details not shown.)
2. Configure an IP address for each interface. (Details not shown.)
3. Configure DHCP relay:
# Enable DHCP.
<Device> system-view
[Device] dhcp enable
# Enable the DHCP relay agent on VLAN-interface 2.
[Device] interface vlan-interface 2
GE1/0/2
10.1.1.10/24
GE1/0/1
Free IP:
WEB server
192.168.2.3/24
Internet
192.168.1.0/24
Vlan-int 2
192.168.1.1/24
192.168.2.0/24
GE1/0/3
192.168.2.1/24
DHCP server
192.168.2.2/24
Authentication servers
10.1.1.1/10.1.1.2
Device
To Next Page
Loading...
Need help?
General