Operation Manual – 802.1x - MAC AuthenticationH3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration1-20# Set radius1 as the RADIUS scheme for users of the domain and specify to use localauthentication as the secondary scheme.[Sysname-isp-aabbcc.net] authentication default radius-scheme radius1 local[Sysname-isp-aabbcc.net] authorization default radius-scheme radius1 local[Sysname-isp-aabbcc.net] accounting default radius-scheme radius1 local# Set the maximum number of users for the domain as 30.[Sysname-isp-aabbcc.net] access-limit enable 30# Enable the idle cut function and set the idle cut interval.[Sysname-isp-aabbcc.net] idle-cut enable 20[Sysname-isp-aabbcc.net] quit# Configure aabbcc.net as the default domain.[Sysname] domain default enable aabbcc.net# Enable 802.1x globally.[Sysname] dot1x# Enable 802.1x for port Ethernet 2/0/1.[Sysname] interface Ethernet2/0/1[Sysname-Ethernet2/0/1] dot1x[Sysname-Ethernet2/0/1] quit# Set the port access control method. (Optional. The default answers the requirement.)[Sysname] dot1x port-method macbased interface Ethernet2/0/11.6 Guest VLAN Configuration ExampleI. Network requirementsAs shown in Figure 1-11:z A host is connected to port Ethernet 2/0/1 of the switch and must pass 802.1xauthentication to access the Internet.z The authentication server run RADIUS and is in VLAN 2.z The update server, which is in VLAN 10, is for client software download andupgrade.z Port Ethernet 2/0/2 of the switch, which is in VLAN 5, is for accessing the Internet.As shown in Figure 1-12:z On port Ethernet 2/0/1, enable 802.1x and set VLAN 10 as the guest VLAN.As shown in Figure 1-13:z Authenticated supplicants are assigned to VLAN 5 and permitted to access theInternet.
