Network requirements
As shown in Figure 29:
A host is connected to port Ethernet 1/0/2 of the device and must pass 802.1X authentication to access the Internet. Ethernet 1/0/2 is in VLAN 1.
Ethernet 1/0/2 implements port-based access control.
Ethernet 1/0/3 is in VLAN 5 and is for accessing the Internet.
The authentication server runs RADIUS and is in VLAN 2.
The update server in VLAN 10 is for client software download and upgrade.
If no user performs 802.1X authentication on Ethernet 1/0/2 within a period of time, the device adds Ethernet 1/0/2 to its guest VLAN, VLAN 10. The host and the update server are both in VLAN 10 and the host can access the update server and download the 802.1X client software.
After the host passes 802.1X authentication, the network access device assigns the host to VLAN 5 where Ethernet 1/0/3 is. The host can access the Internet.
Figure 29: Network diagram