Hà Nội: NTT03, Line 1, Thống Nhất Complex, 82 Nguyễn Tuân, Thanh Xuân, Hà Nội. ● HCM: Số 31B, Đường 1, Phường An Phú, Quận 2 (Thủ Đức), TP HCM. ===> Đơn Vị Hàng Đầu Trong Lĩnh Vực Cung Cấp Thiết Bị Security - Network - Wifi - CCTV - Conference - Máy chủ Server - Lưu trữ Storge.
Danh mục sản phẩm

Configure 802.1X Free-Client Authentication

Network Requirements

  1. The network printer is connected to IP Network via Device; Device adopts the 802.1X access control;
  2. Device regularly performs the offline detection for the network printer.
  3. Use the RADIUS authentication mode.
  4. After passing the authentication, the network printer can execute the printing task from IP Network.

Network Topology

Networking of configuring the 802.1X free-client authentication

Figure 12-9 Networking of configuring the 802.1X free-client authentication

Configuration Steps

Step 1: Configure the link type of the VLAN and interface on Device.

#Create VLAN2–VLAN3 on Device.

Device#configure terminal
Device(config)#vlan 2-3
Device(config)#exit

#Configure the link type of interface gigabitethernet 0/1 as Access, permitting services of VLAN2 to pass.

Device(config)#interface gigabitethernet 0/1
Device(config-if-gigabitethernet0/1)#switchport mode access
Device(config-if-gigabitethernet0/1)#switchport access vlan 2
Device(config-if-gigabitethernet0/1)#exit

#Configure the port link type on gigabitethernet0/2–gigabitethernet0/3 of Device as Access, permitting the services of VLAN2–VLAN3 to pass. (Omitted)

Step 2: Configure the interface IP address of Device.

#Configure the IP address of VLAN3 as 130.255.167.1/24.

Device(config)#interface vlan 3
Device(config-if-vlan3)#ip address 130.255.167.1 255.255.255.0
Device(config-if-vlan3)#exit

Step 3: Configure the AAA authentication.

#Enable the AAA authentication on Device2, and adopt the RADIUS authentication mode. The server key is admin, the priority is 1, and the RADIUS server address is 130.255.167.167/24.

Device(config)#domain system
Device(config-isp-system)# aaa authentication dot1x radius-group radius
Device(config-isp-system)#exit
Device(config)#aaa server group radius radius
Device(config-sg-radius-radius)#server 130.255.167.167 priority 1 key admin

Step 4: Configure the AAA server.

#Configure the user name, password, and key as admin on the AAA server. (Omitted)

Step 5: Configure the 802.1X authentication.

#Configure the 802.1X free-client authentication mode, and use the MAC address of the network printer as user name and password.

Device(config)#interface gigabitethernet 0/1
Device(config-if-gigabitethernet0/1)#dot1x mac-authentication enable
Device(config-if-gigabitethernet0/1)#exit

#Configure Device to perform the offline detection for the printer every 120s.

Device(config)#interface gigabitethernet 0/1
Device(config-if-gigabitethernet0/1)#dot1x timeout offline-detect 120
Device(config-if-gigabitethernet0/1)#exit

Step 6: Check the result.

#The network printer can pass the authentication and can execute the printing task from IP Network.

Device#show dot1x user 
-------------------------------------------
NO 1       : MAC_ADDRESS= 3883.45ef.f395     STATUS=     Authorized         USER_NAME= 38-83-45-ef-f3-95
         VLAN=    2        INTERFACE= gi0/1             USER_TYPE= DOT1X
         AUTH_STATE=   AUTHENTICATED     BACK_STATE=   IDLE                    IP_ADDRESS= 199.0.0.3
         IPV6_ADDRESS= Unknown
 
         Online time: 0 week 0 day 0 hours 1 minutes 6 seconds
Total: 1    Authorized: 1 Unauthorized/guest/critical: 0/0/0 Unknown: 0