2-2Configuring Quick EAD DeploymentConfiguration Prerequisitesz Enable 802.1x on the switch.z Set the port authorization mode to auto for 802.1x-enabled ports using the dot1x port-controlcommand.Configuration ProcedureConfiguring a free IP rangeA free IP range is an IP range that users can access before passing 802.1x authentication.Follow these steps to configure a free IP range:To do... Use the command... RemarksEnter system view system-view —Configure the URL for HTTPredirection dot1x url url-string RequiredConfigure a free IP range dot1x free-ip ip-address{ mask-address | mask-length }RequiredBy default, no free IP range isconfigured.Caution:z You must configure the URL for HTTP redirection before configuring a free IP range. A URL muststart with http:// and the segment where the URL resides must be in the free IP range. Otherwise,the redirection function cannot take effect.z You must disable the DHCP-triggered authentication function of 802.1x before configuring a free IPrange.z With dot1x enabled but quick EAD deployment disabled, users cannot access the DHCP server ifthey fail 802.1x authentication. With quick EAD deployment enabled, users can obtain IPaddresses dynamically before passing authentication if the IP address of the DHCP server is in thefree IP range.z The quick EAD deployment function applies to only ports with the authorization mode set to autothrough the dot1x port-control command.z At present, 802.1x is the only access approach that supports quick EAD deployment.z Currently, the quick EAD deployment function does not support port security. The configured freeIP range cannot take effect if you enable port security.z The quick EAD deployment function and the MAC address authentication function are mutuallyexclusive. You cannot configure both the functions on the switch.Setting the ACL timeout periodThe quick EAD deployment function depends on ACLs in restricting access of users failingauthentication. Each online user that has not passed authentication occupies a certain amount of ACLresources. After a user passes authentication, the occupied ACL resources will be released. When a