Operation Manual – 802.1x-HABP-MAC AuthenticationH3C S5500-EI Series Ethernet Switches Chapter 1 802.1x Configuration1-24[Sysname-GigabitGigabitEthernet1/0/1] dot1x port-method portbased# Set the port access control mode to auto.[Sysname-GigabitGigabitEthernet1/0/1] dot1x port-control auto[Sysname-GigabitGigabitEthernet1/0/1] quit# Create VLAN 10.[Sysname] vlan 10[Sysname-vlan10] quit# Specify port GigabitEthernet 1/0/1 to use VLAN 10 as its guest VLAN.[Sysname] dot1x guest-vlan 10 interface GigabitEthernet 1/0/1You can use the display current-configuration or display interface GigabitEthernet1/0/1 command to view your configuration. You can also use the display vlan 10command in the following cases to verify whether the configured guest VLAN functions:z When no users log in.z When a user fails the authentication.z When a user goes offline.1.7 ACL Assignment Configuration ExampleI. Network requirementsAs shown in Figure 1-14, a host is connected to port GigabitEthernet1/0/1 of the deviceand must pass 802.1x authentication to access the Internet.z Configure the RADIUS server to assign ACL 3000.z Enable 802.1x authentication on GigabitEthernet1/0/1 of the device, and configureACL 3000.After the host passes 802.1x authentication, the RADIUS server assigns ACL 3000 toGigabitEthernet1/0/1. As a result, the host can access the Internet but cannot accessthe FTP server, whose IP address is 10.0.0.1.II. Network diagramFigure 1-14 Network diagram for ACL assignment