Configuring the EAD assistant feature
When you configure the EAD assistant feature, follow these restrictions and guidelines:
You must disable MAC authentication and port security globally before you enable the EAD assistant feature.
To make the EAD assistant feature take effect on an 802.1X-enabled port, you must set the port authorization mode to auto.
When global MAC authentication or port security is enabled, the free IP does not take effect.
If you use free IP, guest VLAN, and Auth-Fail VLAN features together, make sure the free IP segments are in both guest VLAN and Auth-Fail VLAN.
To allow a user to obtain a dynamic IP address before it passes 802.1X authentication, make sure the DHCP server is on the free IP segment.
The server that provides the redirect URL must be on the free IP accessible to unauthenticated users.
To avoid using up ACL resources when a large number of EAD users exist, you can shorten the EAD rule timer.
To configure the EAD assistant feature:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. Enable EAD assistant. | dot1x ead-assistant enable | By default, this feature is disabled. |
3. Configure a free IP. | dot1x ead-assistant free-ip ip-address { mask-length \| mask-address } | By default, no free IP is configured. |
4. (Optional.) Configure the redirect URL. | dot1x ead-assistant url url-string | By default, no redirect URL is configured. Configure the redirect URL if users will use Web browsers to access the network. |
5. (Optional.) Set the EAD rule timer. | dot1x timer ead-timeout ead-timeout-value | The default setting is 30 minutes. |
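
The guidelines above require the DHCP server and the redirect URL server to sit on a free IP segment. The following added example (not vendor code) checks those two conditions against saved configuration text; the sample configuration, its addresses, and the function names `parse` and `audit` are constructed for illustration, and the DHCP server address is assumed to be supplied by the operator.

```python
import ipaddress
import re
from urllib.parse import urlsplit

# Constructed sample configuration using documentation address ranges.
SAMPLE_CONFIG = """\
dot1x ead-assistant enable
dot1x ead-assistant free-ip 192.0.2.0 24
dot1x ead-assistant free-ip 198.51.100.0 255.255.255.128
dot1x ead-assistant url http://192.0.2.10/client
"""

FREE_IP = re.compile(r"^\s*dot1x ead-assistant free-ip (\S+) (\S+)\s*$")
URL = re.compile(r"^\s*dot1x ead-assistant url (\S+)\s*$")

def parse(config):
    """Return (free IP networks, redirect URL or None) from configuration text."""
    nets, url = [], None
    for line in config.splitlines():
        m = FREE_IP.match(line)
        if m:
            # ip_network accepts both the mask-length and mask-address forms.
            nets.append(ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False))
        elif (m := URL.match(line)):
            url = m.group(1)
    return nets, url

def audit(config, dhcp_server):
    """List violations of the free IP placement guidelines; empty list means none found."""
    nets, url = parse(config)
    in_free_ip = lambda addr: any(ipaddress.ip_address(addr) in n for n in nets)
    findings = []
    if not nets:
        findings.append("no free IP configured")
    if not in_free_ip(dhcp_server):
        findings.append(f"DHCP server {dhcp_server} is outside every free IP segment")
    if url:
        host = urlsplit(url).hostname
        try:
            if not in_free_ip(host):
                findings.append(f"redirect server {host} is outside every free IP segment")
        except ValueError:
            # Host is a name, not an address literal: it cannot be checked offline.
            findings.append(f"redirect host {host!r} is not an IP literal; check its address manually")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG, "192.0.2.5") or "free IP placement OK")
```
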