Инструкции По Установке для 3com S7906E
1-21
Configuration procedure
Follow these steps to configure an Auth-Fail VLAN:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter Ethernet interface view
interface interface-type
interface-number
interface-number
—
Configure the Auth-Fail VLAN
for the port
for the port
dot1x auth-fail vlan
authfail-vlan-id
authfail-vlan-id
Required
By default, a port is configured
with no Auth-Fail VLAN.
with no Auth-Fail VLAN.
z
Different ports can be configured with different Auth-Fail VLANs, but a port can be configured with
only one Auth-Fail VLAN.
z
The generated MAFV entry for a MAC address will overwrite the existing blocked-MAC entry of the
MAC address on the port. But if the port is disabled by the intrusion protection function, the MAFV
cannot take effect. For description on the intrusion protection function of disabling a port, refer to
Port Security Configuration in the Security Volume.
Displaying and Maintaining 802.1X
To do…
Use the command…
Remarks
Display 802.1X session
information, statistics, or
configuration information of
specified or all ports
information, statistics, or
configuration information of
specified or all ports
display dot1x [ sessions |
statistics ] [ interface
interface-list ]
statistics ] [ interface
interface-list ]
Available in any view
Clear 802.1X statistics
reset dot1x statistics
[ interface interface-list ]
[ interface interface-list ]
Available in user view
802.1X Configuration Example
Network requirements
z
It is required to use the access control method of macbased on the port GigabitEthernet 2/0/1 to
control clients.
z
All clients belong to default domain aabbcc.net, which can accommodate up to 30 users. RADIUS
authentication is performed at first, and then local authentication when no response from the
RADIUS server is received. If the RADIUS accounting fails, the device gets users offline.
z
A server group with two RADIUS servers is connected to the device. The IP addresses of the
servers are 10.1.1.1 and 10.1.1.2 respectively. Use the former as the primary
authentication/secondary accounting server, and the latter as the secondary
authentication/primary accounting server.