Configuring quick ead deployment, Configuration prerequisites, Configuration procedure – H3C Technologies H3C S3100 Series Switches User Manual

Page 394: Configuring a free ip range, Setting the acl timeout period

Advertising
background image

2-2

Configuring Quick EAD Deployment

Configuration Prerequisites

z

Enable 802.1x on the switch.

z

Set the access mode to auto for 802.1x-enabled ports.

Configuration Procedure

Configuring a free IP range

A free IP range is an IP range that users can access before passing 802.1x authentication.

Table 2-1 Configure a free IP range

To do...

Use the command...

Remarks

Enter system view

system-view

Configure the URL for HTTP
redirection

dot1x url url-string

Required

Configure a free IP range

dot1x free-ip ip-address
{ mask-address | mask-length }

Required

By default, no free IP range is
configured.

z

You must configure the URL for HTTP redirection before configuring a free IP range. A URL must

start with http:// and the segment where the URL resides must be in the free IP range. Otherwise,

the redirection function cannot take effect.

z

You must disable the DHCP-triggered authentication function of 802.1x before configuring a free IP

range.

z

With dot1x enabled but quick EAD deployment disabled, users cannot access the DHCP server if

they fail 802.1x authentication. With quick EAD deployment enabled, users can obtain IP

addresses dynamically before passing authentication if the IP address of the DHCP server is in the

free IP range.

z

The quick EAD deployment function applies to only ports with the access control mode set to auto

through the dot1x port-control command.

z

At present, 802.1x is the only access approach that supports quick EAD deployment.

z

Currently, the quick EAD deployment function does not support port security. The configured free

IP range cannot take effect if you enable port security.

Setting the ACL timeout period

The quick EAD deployment function depends on ACLs in restricting access of users failing

authentication. Each online user that has not passed authentication occupies a certain amount of ACL

resources. After a user passes authentication, the occupied ACL resources will be released. When a

large number of users log in but cannot pass authentication, the switch may run out of ACL resources,

preventing other users from logging in. A timer called ACL timer is designed to solve this problem.

Advertising
Popular Brands
Popular manuals