PLANET XGS3-24042 User Manual

Page 564

Advertising
background image

60-8

Figure 60-1 MAB application

Switch1 is a layer 2 accessing switch, Switch2 is a layer 3 aggregation switch.

Ethernet 1/0/1 is an access port of Switch1, connects to PC1, it enables 802.1x port-based function and

configures guest vlan as vlan8.

Ethernet 1/0/2 is a hybrid port, connects to PC2, native vlan of the port is vlan1, and configures guest vlan as

vlan8, it joins in vlan1, vlan8 and vlan10 with untag method and enables MAB function.

Ethernet 1/0/3 is an access port, connects to the printer and enables MAB function.

Ethernet 1/0/4 is a trunk port, connects to Switch2.

Ethernet 1/0/4 is a trunk port of Switch2, connects to Switch1.

Ethernet 1/0/1 is an access port, belongs to vlan8, connects to update server to download and upgrade the

client software.

Ethernet 1/0/2 is an access port, belongs to vlan9, connects to radius server which configure auto vlan as

vlan10.

Ethernet 1/0/3 is an access port, belongs to vlan10, connects to external internet resources.

To implement this application, the configuration is as follows:

Switch1 configuration:

(1) Enable 802.1x and MAB authentication function globally, configure username and password of MAB

authentication and radius-server address

Switch(config)# dot1x enable

Switch(config)# mac-authentication-bypass enable

Switch(config)#mac-authentication-bypass username-format fixed username mabuser password mabpwd

Switch(config)#vlan 8-10

Switch(config)#interface vlan 9

Switch(config-if-vlan9)ip address 192.168.61.9 255.255.255.0

Switch(config-if-vlan9)exit

Switch(config)#radius-server authentication host 192.168.61.10

Switch(config)#radius-server accounting host 192.168.61.10

Switch(config)#radius-server key test

Switch(config)#aaa enable

Switch(config)#aaa-accounting enable

(2) Enable the authentication function of each port

Switch(config)#interface ethernet 1/0/1

Switch(config-if-ethernet1/0/1)#dot1x enable

Switch(config-if-ethernet1/0/1)# dot1x port-method portbased

Switch(config-if-ethernet1/0/1)# dot1x guest-vlan 8

Switch(config-if-ethernet1/0/1)#exit

Advertising
This manual is related to the following products:

XGS3-24242

Popular Brands
Popular manuals