Configuring DHCP option dot1x
As described in Understanding the DHCP Relay Agent Information, the command
ip dhcp relay information option dot1x enables the option dot1x function of
the DHCP relay. Use it when you need to assign IP addresses with different
privileges to users with different privileges. When this function is enabled,
the device works with 802.1x to add the corresponding option information to
the requests it relays to the DHCP server. This function should be used
with the dot1x function.
To configure DHCP option dot1x, execute the following commands in the global
configuration mode:
Configuring DHCP option dot1x access-group
In the option dot1x application scheme, the device needs to restrict
unauthorized IP addresses or low-privilege IP addresses from accessing certain
IP addresses, and to restrict access between users with low privileges. To do
so, configure the command ip dhcp relay information option dot1x
access-group acl-name. The ACL named by acl-name must be
configured in advance. It is used to filter some contents and prohibit
unauthorized users from accessing each other. In addition, the ACL associated
here is applied to all the ports on the device. This ACL has no default ACE and
does not conflict with ACLs associated with other interfaces. For example:
Assign one type of IP address to all the unauthorized users, namely
192.168.3.2-192.168.3.254, 192.168.4.2-192.168.4.254, and
192.168.5.2-192.168.5.254. 192.168.3.1, 192.168.4.1, and 192.168.5.1 are
gateway addresses that are not assigned to users. In this way, an unauthorized
user uses one of the 192.168.3.x-5.x addresses to access the Web portal and
download the client software. Therefore, the device should be configured as
follows:
Ruijie# config
Ruijie(config)# ip access-list extended DenyAccessEachOtherOfUnauthrize