29-2
Configuring Quick EAD Deployment
Configuration Prerequisites
z
Enable 802.1x on the switch.
z
Set the access mode to
auto
for 802.1x-enabled ports.
Configuration Procedure
Configuring a free IP range
A free IP range is an IP range that users can access before passing 802.1x authentication.
Follow these steps to configure a free IP range:
To do...
Use the command...
Remarks
Enter system view
system-view
—
Configure the URL for HTTP
redirection
dot1x url
url-string
Required
Configure a free IP range
dot1x free-ip
ip-address
{
mask-address
|
mask-length
}
Required
By default, no free IP range is
configured.
z
You must configure the URL for HTTP redirection before configuring a free IP range. A URL must
start with http:// and the segment where the URL resides must be in the free IP range. Otherwise,
the redirection function cannot take effect.
z
You must disable the DHCP-triggered authentication function of 802.1x before configuring a free IP
range.
z
With dot1x enabled but quick EAD deployment disabled, users cannot access the DHCP server if
they fail 802.1x authentication. With quick EAD deployment enabled, users can obtain IP
addresses dynamically before passing authentication if the IP address of the DHCP server is in the
free IP range.
z
The quick EAD deployment function applies to only ports with the access control mode set to
auto
through the
dot1x port-control
command.
z
At present, 802.1x is the only access approach that supports quick EAD deployment.
z
Currently, the quick EAD deployment function does not support port security. The configured free
IP range cannot take effect if you enable port security.
z
The quick EAD deployment function and the MAC address authentication function are mutually
exclusive. You cannot configure both the functions on the switch.
Setting the ACL timeout period
The quick EAD deployment function depends on ACLs in restricting access of users failing
authentication. Each online user that has not passed authentication occupies a certain amount of ACL
resources. After a user passes authentication, the occupied ACL resources will be released. When a