Operation Manual – 802.1x-System Guard
H3C S3100 Series Ethernet Switches Chapter 1 802.1x Configuration
1-16
Operation Command Remarks
Set authentication
method for 802.1x
users
dot1x
authentication-method
{ chap | pap | eap }
Optional
By default, a switch performs
CHAP authentication in EAP
terminating mode.
Enable online user
handshaking
dot1x handshake enable
Optional
By default, online user
handshaking is enabled.
Enter Ethernet port
view
interface interface-type
interface-number
—
Enable the
handshaking
packet secure
function
dot1x handshake secure
Optional
By default, the handshaking
secure function is disabled.
Caution:
z 802.1x configurations take effect only after you enable 802.1x both globally and for
specified ports.
z If you enable 802.1x for a port, you cannot set the maximum number of MAC
addresses that can be learnt for the port. Meanwhile, if you set the maximum
number of MAC addresses that can be learnt for a port, it is prohibited to enable
802.1x for the port.
z If you enable 802.1x for a port, it is not available to add the port to an aggregation
group. Meanwhile, if a port has been added to an aggregation group, it is prohibited
to enable 802.1x for the port.
z Changing the access control method on a port by the dot1x port-method command
will forcibly log out the online 802.1x users on the port.
z When a device operates as an authentication server, its authentication method for
802.1x users cannot be configured as EAP.
z Handshaking packets need the support of the H3C-proprietary client. They are used
to test whether or not a user is online.
z As clients that are not of H3C do not support the online user handshaking function,
switches cannot receive handshaking acknowledgement packets from them in
handshaking periods. To prevent users being falsely considered offline, you need to
disable the online user handshaking function in this case.
z For the handshaking packet secure function to take effect, the clients that enable
the function need to cooperate with the authentication server. If either the clients or
the authentication server does not support the function, disabling the handshaking
packet secure function is needed.
To Next Page
Loading...
Need help?
General