71
Task Remarks
Specifying EAP relay or EAP termination Optional
Setting the port authorization state Optional
Specifying an access control method Optional
Setting the maximum number of concurrent 802.1X users on a port Optional
Setting the maximum number of authentication request attempts Optional
Setting the 802.1X authentication timeout timers Optional
Configuring the online user handshake function Optional
Configuring the authentication trigger function Optional
Specifying a mandatory authentication domain on a port Optional
Enabling the quiet timer Optional
Enabling the periodic online user re-authentication function Optional
Configuring an 802.1X guest VLAN Optional
Configuring an Auth-Fail VLAN Optional
Specifying supported domain name delimiters Optional
Enabling 802.1X
Configuration guidelines
• If the default VLAN of a port is a voice VLAN, the 802.1X function cannot take effect on the port. For
more information about voice VLANs, see the Layer 2
—
LAN Switching Configuration Guide.
• 802.1X is mutually exclusive with link aggregation group configuration on a port.
• On an 802.1X and MAC authentication enabled port, the EAP packet from an unknown MAC
address immediately triggers 802.1X authentication, and any other type of packet from an
unknown MAC address triggers MAC authentication 30 seconds after its arrival.
Configuration procedure
Follow these steps to enable 802.1X on a port:
To do… Use the command… Remarks
Enter system view system-view —
Enable 802.1X globally dot1x
Required
Disabled by default.
Enable 802.1X
on a port
In system view dot1x interface interface-list
Required
Use either approach.
Disabled by default.
In Layer 2
Ethernet
interface view
interface interface-type interface-number
dot1x
To Next Page
Loading...
