105
[Device] vlan 1
[Device-vlan1] port ethernet 1/2
[Device-vlan1] quit
[Device] vlan 10
[Device-vlan10] port ethernet 1/1
[Device-vlan10] quit
[Device] vlan 2
[Device-vlan2] port ethernet 1/4
[Device-vlan2] quit
[Device] vlan 5
[Device-vlan5] port ethernet 1/3
[Device-vlan5] quit
4. Configure a RADIUS scheme:
# Configure RADIUS scheme 2000 and enter its view.
<Device> system-view
[Device] radius scheme 2000
# Specify primary and secondary authentication and accounting servers. Set the shared key to
abc for authentication and accounting packets.
[Device-radius-2000] primary authentication 10.11.1.1 1812
[Device-radius-2000] primary accounting 10.11.1.1 1813
[Device-radius-2000] key authentication abc
[Device-radius-2000] key accounting abc
# Exclude the ISP domain name from the username sent to the RADIUS server.
[Device-radius-2000] user-name-format without-domain
[Device-radius-2000] quit
5. Configure an ISP domain:
# Create ISP domain bbb and enter its view.
[Device] domaim bbb
# Apply RADIUS scheme 2000 to the ISP domain for authentication, authorization, and
accounting.
[Device-isp-bbb] authentication lan-access radius-scheme 2000
[Device-isp-bbb] authorization lan-access radius-scheme 2000
[Device-isp-bbb] accounting lan-access radius-scheme 2000
[Device-isp-bbb] quit
6. Configure 802.1X:
# Enable 802.1X globally.
[Device] dot1x
# Enable 802.1X for port Ethernet 1/2.
[Device] interface ethernet 1/2
[Device-Ethernet1/2] dot1x
# Implement port-based access control on the port.
[Device-Ethernet1/2] dot1x port-method portbased
# Set the port authorization mode to auto. This step is optional. By default, the port is in auto
mode.
[Device-Ethernet1/2] dot1x port-control auto
[Device-Ethernet1/2] quit
# Set VLAN 10 as the 802.1X guest VLAN for port Ethernet 1/2.
[Device] dot1x guest-vlan 10 interface ethernet 1/2
To Next Page
Loading...
