81
Enabling 802.1X
Configuration guidelines
• If the PVID of a port is a voice VLAN, the 802.1X function cannot take effect on the port. For more
information about voice VLANs, see Layer 2—LAN Switching Configuration Guide.
• 802.1X is mutually exclusive with link aggregation and service loopback group configuration on a
port.
• Do not use the BPDU drop feature on an 802.1X-enabled port. The BPDU drop feature discards
802.1X packets arrived on the port.
Configuration procedure
To enable 802.1X on a port:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Enable 802.1X globally. dot1x
By default, 802.1X is
disabled globally.
3. Enable 802.1X on a
port.
• In system view:
dot1x interface interface-list
• In Ethernet interface view:
a. interface interface-type
interface-number
b. dot1x
Use either method.
By default, 802.1X is
disabled on a port.
Enabling EAP relay or EAP termination
When you configure EAP relay or EAP termination, consider the following factors:
• The support of the RADIUS server for EAP packets
• The authentication methods supported by the 802.1X client and the RADIUS server
If the client is using only MD5-Challenge EAP authentication or the "username + password" EAP
authentication initiated by an HP iNode 802.1X client, you can use both EAP termination and EAP relay.
To use EAP-TL, PEAP, or any other EAP authentication methods, you must use EAP relay. When you make
your decision, see "A comparison of EAP relay and EAP termination" f
or help.
For more information about EAP relay and EAP termination, see "802.1X authentication procedures."
To configure EAP relay or EAP termination:
Step Command Remarks
1. Enter system view.
system-view N/A
To Next Page
Loading...
Need help?
General