3Com S7906E Installation Instructions

After the host passes 802.1X authentication, the RADIUS server assigns ACL 3000 to port 
GigabitEthernet 2/0/1. As a result, the host can access the Internet but cannot access the FTP server, 
whose IP address is 10.0.0.1. 
Figure 1-14 Network diagram for ACL assignment 
 
 
 
Configuration procedure 
# Configure the IP addresses of the interfaces. (Omitted) 
# Configure the RADIUS scheme. 
<Device> system-view 
[Device] radius scheme 2000 
[Device-radius-2000] primary authentication 10.1.1.1 1812 
[Device-radius-2000] primary accounting 10.1.1.2 1813 
[Device-radius-2000] key authentication abc 
[Device-radius-2000] key accounting abc 
[Device-radius-2000] user-name-format without-domain 
[Device-radius-2000] quit 
# Create an ISP domain and specify the AAA schemes. 
[Device] domain 2000 
[Device-isp-2000] authentication default radius-scheme 2000 
[Device-isp-2000] authorization default radius-scheme 2000 
[Device-isp-2000] accounting default radius-scheme 2000 
[Device-isp-2000] quit 
# Configure ACL 3000 to deny packets destined for 10.0.0.1. 
[Device] acl number 3000 
[Device-acl-adv-3000] rule 0 deny ip destination 10.0.0.1 0 
[Device-acl-adv-3000] quit 
# Enable 802.1X globally.  
[Device] dot1x 
# Enable 802.1X for port GigabitEthernet 2/0/1. 
[Device] interface gigabitethernet 2/0/1 
[Device-GigabitEthernet 2/0/1] dot1x 
After logging in successfully, a user can use the ping command to verify that ACL 3000, 
assigned by the RADIUS server, is in effect. 
C:\>ping 10.0.0.1
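
The following is an added example, not part of the 3Com manual: an offline model of how the rule in ACL 3000 is matched, useful for checking which destinations an assigned ACL blocks before the RADIUS server hands it to a port. It goes slightly beyond the single rule above by supporting several rules and non-zero wildcard masks. The function names are hypothetical, only the `ip destination` rule form is parsed, and unmatched packets are assumed to be permitted, as the outcome stated above implies.

```python
import ipaddress
import re

# Matches rules of the form used above: rule <id> <action> ip destination <addr> <wildcard>
RULE_RE = re.compile(
    r"rule\s+(\d+)\s+(permit|deny)\s+ip\s+destination\s+(\S+)\s+(\S+)")

def parse_wildcard(text):
    """A wildcard of 0 is shorthand for 0.0.0.0, i.e. match one exact host."""
    if text == "0":
        return 0
    return int(ipaddress.IPv4Address(text))

def parse_rules(lines):
    """Parse rule lines into (id, action, address, wildcard) tuples."""
    rules = []
    for line in lines:
        m = RULE_RE.search(line)
        if not m:
            continue  # other rule forms are outside this sketch
        rule_id, action, addr, wildcard = m.groups()
        rules.append((int(rule_id), action,
                      int(ipaddress.IPv4Address(addr)), parse_wildcard(wildcard)))
    return sorted(rules)  # evaluate in ascending rule ID order

def evaluate(rules, destination, default="permit"):
    """Return the action of the first rule matching the destination address.

    Assumption: a packet that matches no rule is permitted, which is what
    the stated result (Internet reachable, 10.0.0.1 blocked) implies.
    """
    dst = int(ipaddress.IPv4Address(destination))
    for _rule_id, action, addr, wildcard in rules:
        care = ~wildcard & 0xFFFFFFFF  # wildcard bit 1 means "ignore this bit"
        if (dst & care) == (addr & care):
            return action
    return default

# The rule from the configuration procedure above.
ACL_3000 = parse_rules(["rule 0 deny ip destination 10.0.0.1 0"])

if __name__ == "__main__":
    # 10.0.0.2 and 203.0.113.10 are constructed sample destinations.
    for dst in ("10.0.0.1", "10.0.0.2", "203.0.113.10"):
        print(dst, evaluate(ACL_3000, dst))
```

Because the wildcard is 0, only the single host 10.0.0.1 is denied; a neighbouring address such as 10.0.0.2 is still reachable.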