802.1X With Acl Assignment Configuration Example - HP 3600 v2 Series Security Configuration Manual
Hide thumbs
Also See for 3600 v2 Series:
- Command reference manual (510 pages) ,
- Configuration manual (449 pages) ,
- Installation manual (62 pages)
Table of Contents
Advertisement
Configure 802.1X.
6.
# Enable 802.1X globally.
[Device] dot1x
# Enable 802.1X for port Ethernet 1/0/2.
[Device] interface ethernet 1/0/2
[Device-Ethernet1/0/2] dot1x
# Implement port-based access control on the port.
[Device-Ethernet1/0/2] dot1x port-method portbased
# Set the port authorization mode to auto. This step is optional. By default, the port is in auto mode.
[Device-Ethernet1/0/2] dot1x port-control auto
[Device-Ethernet1/0/2] quit
# Set VLAN 10 as the 802.1X guest VLAN for port Ethernet 1/0/2.
[Device] dot1x guest-vlan 10 interface ethernet 1/0/2
Verifying the configuration
Use the display dot1x interface ethernet 1/0/2 command to verify the 802.1X guest VLAN configuration
on Ethernet 1/0/2. If no user passes authentication on the port within a specific period of time, use the
display vlan 10 command to verify whether Ethernet 1/0/2 is assigned to VLAN 10.
After a user passes authentication, you can use the display interface ethernet 1/0/2 command to verity
that port Ethernet 1/0/2 has been added to VLAN 5.
802.1X with ACL assignment configuration example
Network requirements
As shown in
device.
Perform 802.1X authentication on the port. Use the RADIUS server at 10.1.1.1 as the authentication and
authorization server and the RADIUS server at 10.1.1.2 as the accounting server. Assign an ACL to
Ethernet 1/0/1 to deny the access of 802.1X users to the FTP server at 10.0.0.1/24 on weekdays during
business hours from 8:00 to 18:00.
Figure 46 Network diagram
Configuration procedure
Figure
46, the host at 192.168.1.10 connects to port Ethernet 1/0/1 of the network access
103
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
