Part 8 - Security

05-802.1X-Based EAD Fast Deployment Commands


EAD Fast Deployment Configuration Commands

dot1x free-ip

Syntax

dot1x free-ip ip-address { mask | mask-length }

undo dot1x free-ip { ip-address { mask | mask-length } | all }

View

System view

Default Level

2: System level

Parameters

ip-address: IP address of the freely accessible network segment, also called a free IP.

mask: Mask of the freely accessible network segment.

mask-length: Length of the mask of the freely accessible network segment.

all: Specifies all the freely accessible network segments.

Description

Use the dot1x free-ip command to configure a freely accessible network segment, that is, a network segment that users can access before passing 802.1X authentication.

Use the undo dot1x free-ip command to remove one or all freely accessible network segments.

By default, no freely accessible network segment is configured.

Note that:

- The free IP function is mutually exclusive with the global MAC authentication function, the port security function, the guest VLAN function, and the Auth-Fail VLAN function on a port.

- The free IP function is effective only when the port authorization mode is auto.

- The maximum number of freely accessible network segments is four.

Examples

# Configure 192.168.0.0/24 as a freely accessible network segment.

<Sysname> system-view

[Sysname] dot1x free-ip 192.168.0.0 24

dot1x timer ead-timeout

Syntax

dot1x timer ead-timeout ead-timeout-value

undo dot1x timer ead-timeout

View

System view

Default Level

2: System level

Parameters

ead-timeout-value: EAD rule timeout time, in the range 1 minute to 1440 minutes.

Description

Use the dot1x timer ead-timeout command to set the EAD rule timeout time.

Use the undo dot1x timer ead-timeout command to restore the default.

By default, the timeout time is 30 minutes.

Examples

# Set the EAD rule timeout time to 5 minutes.

<Sysname> system-view

[Sysname] dot1x timer ead-timeout 5

dot1x url

Syntax

dot1x url url-string

undo dot1x url

View

System view

Default Level

2: System level

Parameters

url-string: Redirect URL, a case-sensitive string of 1 to 64 characters in the format http://string.

Description

Use the dot1x url command to configure a redirect URL. After a redirect URL is configured, when a user uses a Web browser to access networks other than the free IP, the device will redirect the user to the redirect URL.

Use the undo dot1x url command to remove the redirect URL.

By default, no redirect URL is defined.

Note that:

- The redirect URL and the free IP must be in the same network segment; otherwise, the URL may be inaccessible.

- You can configure the dot1x url command more than once, but only the last configuration takes effect.

Related commands: dot1x free-ip.

Examples

# Configure the redirect URL as http://192.168.0.1.

<Sysname> system-view

[Sysname] dot1x url http://192.168.0.1
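
Because a free IP segment is reachable before authentication, the limits stated in this chapter (at most four segments, a timeout of 1 to 1440 minutes, a redirect URL of 1 to 64 characters in the format http://string that lies inside a free IP segment) are worth checking whenever a configuration is reviewed. The following Python script is an added example, not H3C code; the function name lint_ead and the sample configurations are constructed for illustration, and the mutual-exclusion rules are not checked.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample configurations (not taken from a real device).
GOOD = "dot1x free-ip 192.168.0.0 24\ndot1x timer ead-timeout 5\ndot1x url http://192.168.0.1\n"
BAD = ("dot1x free-ip 192.168.0.0 255.255.255.0\ndot1x timer ead-timeout 2000\n"
       "dot1x url http://10.1.1.1/portal\n")

def lint_ead(config_text):
    """Return findings for the EAD fast deployment lines in a saved configuration."""
    free_nets, url, findings = [], None, []
    for raw in config_text.splitlines():
        line = re.sub(r"^\s*\[[^\]]*\]\s*", "", raw).strip()  # drop a "[Sysname]" prompt
        tok = line.split()
        if tok[:2] == ["dot1x", "free-ip"] and len(tok) == 4:
            try:  # the mask may be dotted (255.255.255.0) or a length (24)
                free_nets.append(ipaddress.ip_network(f"{tok[2]}/{tok[3]}", strict=False))
            except ValueError:
                findings.append(f"invalid free IP segment: {line}")
        elif tok[:3] == ["dot1x", "timer", "ead-timeout"] and len(tok) == 4:
            if not (tok[3].isdigit() and 1 <= int(tok[3]) <= 1440):
                findings.append(f"ead-timeout out of range 1-1440: {tok[3]}")
        elif tok[:2] == ["dot1x", "url"] and len(tok) == 3:
            url = tok[2]  # only the last dot1x url takes effect
    if len(free_nets) > 4:
        findings.append(f"{len(free_nets)} free IP segments configured; maximum is four")
    if url is not None:
        if not (url.startswith("http://") and 8 <= len(url) <= 64):
            findings.append(f"redirect URL not in http://string format (1-64 chars): {url}")
            return findings
        try:
            addr = ipaddress.ip_address(urlsplit(url).hostname)
        except ValueError:
            # A host name cannot be checked offline against the free IP segments.
            findings.append(f"redirect URL host is not an IP literal, check it manually: {url}")
        else:
            if not any(addr in net for net in free_nets):
                findings.append(f"redirect URL host {addr} is outside every free IP segment")
    return findings

if __name__ == "__main__":
    for name, cfg in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, lint_ead(cfg) or "no findings")
```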
