# Assign IP addresses to interfaces. (Omitted)
# Configure the RADIUS scheme.
<Router> system-view
[Router] radius scheme 2000
[Router-radius-2000] primary authentication 10.1.1.1 1812
[Router-radius-2000] primary accounting 10.1.1.2 1813
[Router-radius-2000] key authentication abc
[Router-radius-2000] key accounting abc
[Router-radius-2000] user-name-format without-domain
[Router-radius-2000] quit
# Create an ISP domain, and specify the RADIUS scheme 2000 as the default AAA scheme for the domain.
[Router] domain 2000
[Router-isp-2000] authentication default radius-scheme 2000
[Router-isp-2000] authorization default radius-scheme 2000
[Router-isp-2000] accounting default radius-scheme 2000
[Router-isp-2000] quit
# Configure ACL 3000 to deny packets destined for the FTP server at 10.0.0.1.
[Router] acl number 3000
[Router-acl-adv-3000] rule 0 deny ip destination 10.0.0.1 0
[Router-acl-adv-3000] quit
# Enable 802.1X globally.
[Router] dot1x
# Enable 802.1X on port GigabitEthernet 1/0/1.
[Router] interface gigabitethernet 1/0/1
[Router-GigabitEthernet1/0/1] dot1x
Verification
Use the user account to pass authentication. Then ping the FTP server.
C:\>ping 10.0.0.1
Pinging 10.0.0.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 10.0.0.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
The output shows that ACL 3000 has taken effect: the authenticated user cannot access the FTP server.
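The following added example (not part of the original guide or of the device software) models how the destination address and wildcard in rule 0 of ACL 3000 select traffic: a wildcard of 0 matches exactly one host, so only 10.0.0.1 is denied. It assumes rules are checked in ascending rule-ID order and covers only the `rule <id> {permit|deny} ip destination ...` form; the function names are hypothetical.

```python
import ipaddress
import re

# Subset of the advanced-ACL rule syntax used on this page:
#   rule <id> {permit|deny} ip destination {<address> <wildcard> | any}
RULE_RE = re.compile(
    r"rule\s+(?P<id>\d+)\s+(?P<action>permit|deny)\s+ip"
    r"\s+destination\s+(?P<dst>any|\S+\s+\S+)\s*$"
)

def _u32(text):
    """Dotted decimal to integer; a bare 0 is shorthand for 0.0.0.0."""
    return 0 if text == "0" else int(ipaddress.IPv4Address(text))

def parse_rule(line):
    """Parse one rule line (a leading CLI prompt is tolerated)."""
    m = RULE_RE.search(line)
    if m is None:
        raise ValueError(f"unsupported rule: {line!r}")
    if m["dst"] == "any":
        addr, wild = 0, 0xFFFFFFFF
    else:
        a, w = m["dst"].split()
        addr, wild = _u32(a), _u32(w)
    return {"id": int(m["id"]), "action": m["action"], "addr": addr, "wild": wild}

def rule_matches(rule, dst_ip):
    """Wildcard bits set to 1 are ignored; bits set to 0 must be equal."""
    dst = int(ipaddress.IPv4Address(dst_ip))
    care = ~rule["wild"] & 0xFFFFFFFF
    return ((dst ^ rule["addr"]) & care) == 0

def evaluate(rules, dst_ip):
    """Return the action of the first matching rule (assumed ID order), else None."""
    for rule in sorted(rules, key=lambda r: r["id"]):
        if rule_matches(rule, dst_ip):
            return rule["action"]
    return None  # no rule matched; the device's default handling is not modeled

if __name__ == "__main__":
    acl_3000 = [parse_rule("[Router-acl-adv-3000] rule 0 deny ip destination 10.0.0.1 0")]
    # Constructed destinations: the FTP server and two other addresses.
    for dst in ("10.0.0.1", "10.0.0.2", "10.1.1.1"):
        print(dst, evaluate(acl_3000, dst))
```

A result of `None` means no rule in the ACL matched; what the device then does with the packet is outside this model.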