224 CHAPTER 17: 802.1X CONFIGURATION
c
CAUTION:
■ 802.1x configurations take effect only after you enable 802.1x both globally
and for specified ports.
■ If you enable 802.1x for a port, you cannot set the maximum number of MAC
addresses that can be learnt for the port. Meanwhile, if you set the maximum
number of MAC addresses that can be learnt for a port, it is prohibited to
enable 802.1x for the port.
■ If you enable 802.1x for a port, it is not available to add the port to an
aggregation group. Meanwhile, if a port has been added to an aggregation
group, it is prohibited to enable 802.1x for the port.
■ Changing the access control method on a port by the dot1x port-method
command will forcibly log out the online 802.1x users on the port.
■ When a device operates as an authentication server, its authentication method
for 802.1x users cannot be configured as EAP.
■ Handshaking packets need the support of the 3Com-proprietary client. They
are used to test whether or not a user is online.
■ As clients that are not of 3Com do not support the online user handshaking
function, switches cannot receive handshaking acknowledgement packets
Enable
802.1x for
specified
ports
In system
view
dot1x interface interface-list Required
By default, 802.1x is disabled on
all ports.
In port
view
interface interface-type
interface-number
dot1x
quit
Set port access control
mode for specified
ports
dot1x port-control {
authorized-force |
unauthorized-force | auto } [
interface interface-list ]
Optional
By default, an 802.1x-enabled
port operates in the auto mode.
Set port access
method for specified
ports
dot1x port-method {
macbased | portbased } [
interface interface-list ]
Optional
The default port access method is
MAC-address-based (that is, the
macbased keyword is used by
default).
Set authentication
method for 802.1x
users
dot1x authentication-method
{ chap | pap | eap }
Optional
By default, a switch performs
CHAP authentication in EAP
terminating mode.
Enable online user
handshaking
dot1x handshake enable Optional
By default, online user
handshaking is enabled.
Enter Ethernet port
view
interface interface-type
interface-number
-
Enable the
handshaking packet
secure function
dot1x handshake secure Optional
By default, the handshaking
secure function is disabled.
Table 162 Configure basic 802.1x functions
Operation Command Remarks
To Next Page
Loading...
