Parameters
dot1x: Performs 802.1X authentication only.
dot1x-then-mac: Performs 802.1X authentication first, and then MAC authentication. If the client
passes 802.1X authentication, MAC authentication is not performed.
mac: Performs MAC authentication only.
mac-then-dot1x: Performs MAC authentication first, and then 802.1X authentication. If the client
passes MAC authentication, 802.1X authentication is not performed.
oui-then-dot1x: Performs OUI authentication first, and then 802.1X authentication. If the client
passes OUI authentication, 802.1X authentication is not performed.
Usage guidelines
This command is configurable when the service template is disabled, and it takes effect after the
service template is enabled.
A service template can admit multiple authenticated clients, whichever authentication mode is
configured. To set the maximum number of 802.1X clients, use the dot1x max-user command. To set
the maximum number of MAC authentication clients, use the mac-authentication max-user command.
Examples
# Set the authentication mode to mac for WLAN clients on service template service1.
<Sysname> system-view
[Sysname] wlan service-template service1
[Sysname-wlan-st-service1] client-security authentication-mode mac
client-security authorization-fail offline
Use client-security authorization-fail offline to enable the authorization-fail-offline feature.
Use undo client-security authorization-fail offline to disable the authorization-fail-offline feature.
Syntax
client-security authorization-fail offline
undo client-security authorization-fail offline
Default
The authorization-fail-offline feature is disabled.
Views
Service template view
Predefined user roles
network-admin
Usage guidelines
This command is configurable when the service template is disabled, and it takes effect after the
service template is enabled.
The authorization-fail-offline feature logs off WLAN clients that fail ACL or user profile authorization.
A WLAN client fails ACL or user profile authorization in the following situations:
• The device or server fails to authorize the specified ACL or user profile to the client.
• The authorized ACL or user profile does not exist.
If this feature is disabled, the device does not log off WLAN clients that fail ACL or user profile
authorization. However, the device outputs logs to report the failure.
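The following audit script is an added example, not part of the original command reference or of the vendor's tooling. It scans a saved configuration for service templates that leave authorization-fail-offline at its disabled default, or that use an authentication mode in which a client can be admitted without passing 802.1X. The sample configuration is constructed, and its layout (one-space indentation under each template, # separators) and the function name audit_templates are assumptions.

```python
import re

# Modes in which, per the parameter descriptions above, a client can be
# admitted without passing 802.1X.
NON_DOT1X_PATHS = {"mac", "mac-then-dot1x", "oui-then-dot1x", "dot1x-then-mac"}

# Constructed sample; the one-space indent and '#' separators are assumed.
SAMPLE_CONFIG = """\
#
wlan service-template service1
 client-security authentication-mode mac
#
wlan service-template service2
 client-security authentication-mode dot1x
 client-security authorization-fail offline
#
wlan service-template service3
 client-security authentication-mode mac-then-dot1x
#
"""

def audit_templates(config_text):
    """Return {template: {"mode", "fail_offline", "findings"}}."""
    report, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.fullmatch(r"wlan service-template (\S+)", line)
        if m:
            current = report.setdefault(
                m.group(1), {"mode": None, "fail_offline": False, "findings": []})
        elif not raw.startswith(" "):
            current = None  # an unindented line ends the template block
        elif current is not None:
            m = re.fullmatch(r"client-security authentication-mode (\S+)", line)
            if m:
                current["mode"] = m.group(1)  # None means no mode line was found
            elif line == "client-security authorization-fail offline":
                current["fail_offline"] = True
    for entry in report.values():
        if not entry["fail_offline"]:
            entry["findings"].append(
                "clients failing ACL/user-profile authorization stay online")
        if entry["mode"] in NON_DOT1X_PATHS:
            entry["findings"].append("access possible without 802.1X")
    return report

if __name__ == "__main__":
    for name, entry in audit_templates(SAMPLE_CONFIG).items():
        print(name, entry["mode"], entry["findings"] or "ok")
```

Templates reported with the first finding rely on the device's failure logs alone, so those logs need to be collected and reviewed.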