75
To do… Use the command… Remarks
3. Enable
802.1X on
a port.
In system view dot1x interface interface-list
Required.
Use either approach.
Disabled by default.
In Ethernet
interface view
interface interface-type interface-
number
dot1x
Enabling EAP relay or EAP termination
When you configure EAP relay or EAP termination, consider the following factors:
• The support of the RADIUS server for EAP packets
• The authentication methods supported by the 802.1X client and the RADIUS server
If the client is using only MD5-Challenge EAP authentication or the "username + password" EAP
authentication initiated by an HP iNode 802.1X client, you can use both EAP termination and EAP
relay. To use EAP-TL, PEAP, or any other EAP authentication methods, you must use EAP relay. When
you make your decision, see "A comparison of EAP relay and EAP termination" for help.
For more in
formation about EAP relay and EAP termination, see "802.1X authentication procedures."
To c
onfigure EAP relay or EAP termination:
To do… Use the command… Remarks
1. Enter system view.
system-view —
2. Configure EAP relay or EAP
termination.
dot1x authentication-method {
chap | eap | pap }
Optional.
By default, the network access
device performs EAP termination
and uses CHAP to communicate
with the RADIUS server.
Specify the eap keyword to
enable EAP termination.
Specify the chap or pap keyword
to enable CHAP-enabled or PAP-
enabled EAP relay.
If EAP relay mode is used, the user-name-format command configured in RADIUS scheme view does not
take effect. The access device sends the authentication data from the client to the server without any
modification. For more information about the user-name-format command, see Security Command
Reference.
Setting the port authorization state
The port authorization state determines whether the client is granted access to the network. You can
control the authorization state of a port by using the dot1x port-control command and the following
keywords:
• authorized-force—Places the port in the authorized state, enabling users on the port to access the
network without authentication.
• unauthorized-force—Places the port in the unauthorized state, denying any access requests from
users on the port.
To Next Page
Loading...
Need help?
General