1-13
Task Remarks
Enabling the Quiet Timer Optional
Enabling the Re-Authentication Function Optional
Configuring a Guest VLAN Optional
Configuring an Auth-Fail VLAN Optional
802.1X Basic Configuration
Configuration Prerequisites
802.1X provides a method for implementing user identity authentication. However, 802.1X cannot
implement the authentication scheme solely by itself. RADIUS or local authentication must be
configured to work with 802.1X.
z Configure the ISP domain to which the 802.1X user belongs and the AAA scheme to be used (that
is, local authentication or RADIUS).
z For remote RADIUS authentication, the username and password information must be configured
on the RADIUS server.
z For local authentication, the username and password information must be configured on the device
and the service type must be set to lan-access.
For detailed configuration of the RADIUS client, refer to AAA Configuration.
Configuring 802.1X Globally
Follow these steps to configure 802.1X globally:
To do… Use the command… Remarks
Enter system view
system-view
—
Enable 802.1X globally
dot1x
Required
Disabled by default
Specify the authentication
method
dot1x authentication-method
{ chap | eap | pap }
Optional
CHAP by default
Specify the port authorization
mode for specified or all ports
dot1x port-control
{ authorized-force | auto |
unauthorized-force }
[ interface interface-list ]
Optional
auto by default
Specify the port access control
method for specified or all ports
dot1x port-method
{ macbased | portbased }
[ interface interface-list ]
Optional
macbased by default
Set the maximum number of
users for specified or all ports
dot1x max-user user-number
[ interface interface-list ]
Optional
256 by default
To Next Page
Loading...
