109
Configuration prerequisites
• Enable 802.1X globally.
• Enable 802.1X on the port, and set the port authorization mode to auto.
Configuring a free IP
When a free IP is configured, the EAD fast deployment is enabled. To allow a user to obtain a
dynamic IP address before passing 802.1X authentication, make sure the DHCP server is on the
free IP segment.
When global MAC authentication, Layer-2 portal authentication, or port security is enabled, the free
IP does not take effect.
If you use free IP, guest VLAN, and Auth-Fail VLAN features together, make sure the free IP
segments are in both guest VLAN and Auth-Fail VLAN. Users can access only the free IP segments.
To configure a free IP:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Configure a free IP.
dot1x free-ip
ip-address
{ mask-address | mask-length }
By default, no free IP is
configured.
Configuring the redirect URL
To configure a redirect URL:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Configure the redirect
URL.
dot1x url
url-string
By default, no redirect URL is configured.
The redirect URL must be on the free IP
subnet.
Setting the EAD rule timer
EAD fast deployment automatically creates an ACL rule, or an EAD rule, to open access to the
redirect URL for each redirected user seeking to access the network. The EAD rule timer sets the
lifetime of each ACL rule. When the timer expires or the user passes authentication, the rule is
removed. If users fail to download EAD client or fail to pass authentication before the timer expires,
they must reconnect to the network to access the free IP.
To prevent ACL rule resources from being used up, you can shorten the timer when the amount of
EAD users is large.
To set the EAD rule timer:
Step Command Remarks
1. Enter system view.
system-view
N/A
To Next Page
Loading...
