PLANET WGSW-52040 User Manual

Switch1 is a layer 2 accessing switch, Switch2 is a layer 3 aggregation switch.

Ethernet 1/1 is an access port of Switch1, connects to PC1, it enables 802.1x port-based

function and configures guest vlan as vlan8.

Ethernet 1/2 is a hybrid port, connects to PC2, native vlan of the port is vlan1, and configures

guest vlan as vlan8, it joins in vlan1, vlan8 and vlan10 with untag method and enables MAB

function.

Ethernet 1/3 is an access port, connects to the printer and enables MAB function.

Ethernet 1/4 is a trunk port, connects to Switch2.

Ethernet 1/4 is a trunk port of Switch2, connects to Switch1.

Ethernet 1/1 is an access port, belongs to vlan8, connects to update server to download and

upgrade the client software.

Ethernet 1/2 is an access port, belongs to vlan9, connects to radius server which configure

auto vlan as vlan10.

Ethernet 1/3 is an access port, belongs to vlan10, connects to external internet resources.

To implement this application, the configuration is as follows:

Switch1 configuration:

(1) Enable 802.1x and MAB authentication function globally, configure username and

password of MAB authentication and radius-server address

Switch(config)# dot1x enable

Switch(config)# mac-authentication-bypass enable

Switch(config)#mac-authentication-bypass username-format fixed username mabuser

password mabpwd

Switch(config)#vlan 8-10

Switch(config)#interface vlan 9

Switch(config-if-vlan9)ip address 192.168.61.9 255.255.255.0

Switch(config-if-vlan9)exit

Switch(config)#radius-server authentication host 192.168.61.10

Switch(config)#radius-server accounting host 192.168.61.10

Switch(config)#radius-server key test

Switch(config)#aaa enable

Switch(config)#aaa-accounting enable

(2) Enable the authentication function of each port

Switch(config)#interface ethernet 1/1

Switch(config-if-ethernet1/1)#dot1x enable

50-192