Configure 802.1X Free-Client Authentication
Network Requirements
- The network printer is connected to IP Network via Device, and Device uses 802.1X access control.
- Device periodically performs offline detection for the network printer.
- Use the RADIUS authentication mode.
- After passing the authentication, the network printer can execute the printing task from IP Network.
Network Topology
Figure 12-9 Networking of configuring the 802.1X free-client authentication
Configuration Steps
Step 1: Configure the VLANs and the interface link type on Device.
#Create VLAN2–VLAN3 on Device.
Device#configure terminal
Device(config)#vlan 2-3
Device(config)#exit
#Configure the link type of interface gigabitethernet 0/1 as Access, permitting services of VLAN2 to pass.
Device(config)#interface gigabitethernet 0/1
Device(config-if-gigabitethernet0/1)#switchport mode access
Device(config-if-gigabitethernet0/1)#switchport access vlan 2
Device(config-if-gigabitethernet0/1)#exit
#Configure the port link type on gigabitethernet0/2–gigabitethernet0/3 of Device as Access, permitting the services of VLAN2–VLAN3 to pass. (Omitted)
Step 2: Configure the interface IP address of Device.
#Configure the IP address of VLAN3 as 130.255.167.1/24.
Device(config)#interface vlan 3
Device(config-if-vlan3)#ip address 130.255.167.1 255.255.255.0
Device(config-if-vlan3)#exit
Step 3: Configure the AAA authentication.
#Enable the AAA authentication on Device2, and adopt the RADIUS authentication mode. The server key is admin, the priority is 1, and the RADIUS server address is 130.255.167.167/24.
Device(config)#domain system
Device(config-isp-system)# aaa authentication dot1x radius-group radius
Device(config-isp-system)#exit
Device(config)#aaa server group radius radius
Device(config-sg-radius-radius)#server 130.255.167.167 priority 1 key admin
Step 4: Configure the AAA server.
#Configure the user name, password, and key as admin on the AAA server. (Omitted)
Step 5: Configure the 802.1X authentication.
#Configure the 802.1X free-client authentication mode, and use the MAC address of the network printer as user name and password.
Device(config)#interface gigabitethernet 0/1
Device(config-if-gigabitethernet0/1)#dot1x mac-authentication enable
Device(config-if-gigabitethernet0/1)#exit
#Configure Device to perform the offline detection for the printer every 120s.
Device(config)#interface gigabitethernet 0/1
Device(config-if-gigabitethernet0/1)#dot1x timeout offline-detect 120
Device(config-if-gigabitethernet0/1)#exit
Step 6: Check the result.
#The network printer can pass the authentication and can execute the printing task from IP Network.
Device#show dot1x user
-------------------------------------------
NO 1 : MAC_ADDRESS= 3883.45ef.f395 STATUS= Authorized USER_NAME= 38-83-45-ef-f3-95
VLAN= 2 INTERFACE= gi0/1 USER_TYPE= DOT1X
AUTH_STATE= AUTHENTICATED BACK_STATE= IDLE IP_ADDRESS= 199.0.0.3
IPV6_ADDRESS= Unknown
Online time: 0 week 0 day 0 hours 1 minutes 6 seconds
Total: 1 Authorized: 1 Unauthorized/guest/critical: 0/0/0 Unknown: 0
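Because the printer's MAC address serves as both user name and password in this mode, the Step 6 output is worth checking against an inventory of devices expected on each port. The following is an added example, not part of the original guide or the vendor's tooling: it parses the `show dot1x user` output shown above and reports MAC-authenticated sessions that are not in the inventory. The `INVENTORY` mapping and the function names are assumptions made for illustration.

```python
import re

# Output copied from Step 6 of this page.
SAMPLE = """\
NO 1 : MAC_ADDRESS= 3883.45ef.f395 STATUS= Authorized USER_NAME= 38-83-45-ef-f3-95
VLAN= 2 INTERFACE= gi0/1 USER_TYPE= DOT1X
AUTH_STATE= AUTHENTICATED BACK_STATE= IDLE IP_ADDRESS= 199.0.0.3
IPV6_ADDRESS= Unknown
Online time: 0 week 0 day 0 hours 1 minutes 6 seconds
Total: 1 Authorized: 1 Unauthorized/guest/critical: 0/0/0 Unknown: 0
"""

# Hypothetical inventory: interface -> MACs allowed to use MAC authentication there.
INVENTORY = {"gi0/1": {"38:83:45:ef:f3:95"}}

def norm_mac(text):
    """Reduce any common MAC notation to aa:bb:cc:dd:ee:ff, or None if invalid."""
    digits = re.sub(r"[^0-9a-fA-F]", "", text).lower()
    if len(digits) != 12:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_sessions(output):
    """Split the output into one dict of KEY -> value per 'NO n :' entry."""
    sessions = []
    for line in output.splitlines():
        if re.match(r"\s*NO\s+\d+\s*:", line):
            sessions.append({})
        if sessions:
            sessions[-1].update(re.findall(r"([A-Z0-9_]+)=\s*(\S+)", line))
    return sessions

def audit(sessions, inventory):
    """Return (mac, interface, reason) for every session that needs review."""
    findings = []
    for s in sessions:
        mac, port = norm_mac(s.get("MAC_ADDRESS", "")), s.get("INTERFACE")
        if mac is None:
            findings.append((s.get("MAC_ADDRESS"), port, "unparseable MAC"))
        elif norm_mac(s.get("USER_NAME", "")) != mac:
            continue  # user name is not the MAC: a supplicant login, out of scope
        elif mac not in inventory.get(port, set()):
            findings.append((mac, port, "MAC-authenticated device not in inventory"))
    return findings
```

Calling `audit(parse_sessions(SAMPLE), INVENTORY)` on the output above returns an empty list, since the printer's MAC is listed for gi0/1.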