1-14
Basic 802.1x Configuration
Configuration Prerequisites
z Configure ISP domain and the AAA scheme to be adopted. You can specify a RADIUS scheme or
a local scheme.
z Ensure that the service type is configured as lan-access (by using the service-type command) if
local authentication scheme is adopted.
Configuring Basic 802.1x Functions
Follow these steps to configure basic 802.1x functions:
To do… Use the command… Remarks
Enter system view
system-view
—
Enable 802.1x globally
dot1x
Required
By default, 802.1x is disabled
globally.
In system
view
dot1x interface interface-list
interface interface-type
interface-number
dot1x
Enable
802.1x for
specified
ports
In port view
quit
Required
By default, 802.1x is disabled on all
ports.
In system
view
dot1x port-control
{ authorized-force |
unauthorized-force | auto }
[ interface interface-list ]
interface interface-type
interface-number
dot1x port-control
{ authorized-force |
unauthorized-force | auto }
Set port
authorization
mode for
specified
ports
In port view
quit
Optional
By default, an 802.1x-enabled port
operates in the auto mode.
In system
view
dot1x port-method
{ macbased | portbased }
[ interface interface-list ]
interface interface-type
interface-number
dot1x port-method
{ macbased | portbased }
Set access
control
method for
specified
ports
In port view
quit
Optional
The default access control method
on a port is MAC-based (that is, the
macbased keyword is used by
default).
Set authentication method
for 802.1x users
dot1x
authentication-method
{ chap | pap | eap }
Optional
By default, a switch performs CHAP
authentication in EAP terminating
mode.
To Next Page
Loading...
