Manualsbrain.com
  1. Manuels
  2. Marques
  3. 3com
  4. WX3000
  5. Manuel D’Utilisation

3com WX3000 Manuel D’Utilisation

Télécharger
Page de 715
 
2-2 
Configuration Procedure 
Configuring a free IP range 
A free IP range is an IP range that users can access before passing 802.1x authentication.  
Follow these steps to configure a free IP range: 
To do… 
Use the command… 
Remarks 
Enter system view 
system-view 
— 
Configure the URL for HTTP 
redirection 
dot1x url url-string 
Required 
Configure a free IP range 
dot1x free-ip ip-address 
mask-address | mask-length }
Required 
By default, no free IP range is 
configured. 
 
 
You must configure the URL for HTTP redirection before configuring a free IP range. A URL must 
start with http:// and the segment where the URL resides must be in the free IP range. Otherwise, 
the redirection function cannot take effect. 
You must disable the DHCP-triggered authentication function of 802.1x before configuring a free IP 
range.  
With dot1x enabled but quick EAD deployment disabled, users cannot access the DHCP server if 
they fail 802.1x authentication. With quick EAD deployment enabled, users can obtain IP 
addresses dynamically before passing authentication if the IP address of the DHCP server is in the 
free IP range.  
The quick EAD deployment function applies to only ports with the authorization mode set to auto 
through the dot1x port-control command.  
Currently, the quick EAD deployment function is implemented based on only 802.1x authentication.  
Currently, the quick EAD deployment function does not support port security. The configured free 
IP range cannot take effect if you enable port security.  
 
Setting the ACL timeout period 
The quick EAD deployment function depends on ACLs in restricting access of users failing 
authentication. Each online user that has not passed authentication occupies a certain amount of ACL 
resources. After a user passes authentication, the occupied ACL resources will be released. When a 
large number of users log in but cannot pass authentication, the device may run out of ACL resources, 
preventing other users from logging in. A timer called ACL timer is designed to solve this problem. 
You can control the usage of ACL resources by setting the ACL timer. The ACL timer starts once a user 
gets online. If the user has not passed authentication when the ACL timer expires, the occupied ACL 
resources are released for other users to use. If the device has a larger number of users, you can 
decrease the timeout period of the ACL timer appropriately for higher utilization of ACL resources.