Configuration Guide 802.1x Configuration
Application of 802.1X port-based Guest VLAN and VLAN assignment
Network Topology
Figure 14 Topology for 802.1X port-based Guest VLAN and VLAN assignment
Networking Requirements
The client accesses network through 802.1x authentication. RADIUS server is the authentication server, and FTP server
is the server used by the client for software downloading and pack upgrade while it belongs to VLAN10. Radius Server is
used for authentication, authorization, accounting and dynamic VLAN assignment, and it belongs to VLAN1. The
Internet-connecting port F0/24 of switch belongs to VLAN2. The following needs must be met:
1) If the switch receives no reply after sending authentication request packets (EAP-Request/Identity) for the configured
number of tries, F0/1 will join the Guest VLAN (VLAN10). By this time, both Supplicant and FTP Sever belong to
VLAN10, and Supplicant can access FTP Server and download 802.1x client.
2) After successful authentication, RADIUS server will assign VLAN2. By this time, both Supplicant and F0/24 belong to
VLAN2, and Supplicant can access Internet.
Configuration Tips
Turn on AAA switch and configure the communication between device and RADIUS SERVER;
Configure 802.1X authentication and configure the device port for client access as controlled port;
Enable dynamic VLAN assignment on the corresponding interface;
Configure whether or not enable guest VLAN on the corresponding interface.
Configuration Steps
Configure access switch "SwitchA":
! Configure the VLANs to which the port belong:
Ruijie(config)#interface fastEthernet 0/3
Ruijie(config-if-FastEthernet 0/3)#switchport access vlan 10
Ruijie(config-if-FastEthernet 0/3)#exit
Ruijie(config)#interface fastEthernet 0/24
To Next Page
Loading...
