| Task | Remarks |
|---|---|
| Configuring the authentication trigger function | Optional. |
| Specifying a mandatory authentication domain on a port | Optional. |
| Configuring the quiet timer | Optional. |
| Enabling the periodic online user re-authentication function | Optional. |
| Configuring an 802.1X guest VLAN | Optional. |
| Configuring an Auth-Fail VLAN | Optional. |
| Configuring an 802.1X critical VLAN | Optional. |
| Specifying supported domain name delimiters | Optional. |
| Configuring 802.1X MAC address binding | Optional. |
Enabling 802.1X
Follow these guidelines when you enable 802.1X:
• If the PVID of a port is a voice VLAN, the 802.1X function cannot take effect on the port. For
more information about voice VLANs, see HPE FlexNetwork MSR Router Series Comware 5
Layer 2—LAN Switching Configuration Guide.
• 802.1X is mutually exclusive with link aggregation group configuration on a port.
• On a port with both 802.1X and MAC authentication enabled, an EAP packet from an unknown
MAC address immediately triggers 802.1X authentication, and any other type of packet from an
unknown MAC address triggers MAC authentication 30 seconds after its arrival.
To enable 802.1X:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enable 802.1X globally. | dot1x | By default, 802.1X is disabled globally. |
| 3. Enable 802.1X on a port in system view or Ethernet interface view. | • In system view: dot1x interface interface-list • In Ethernet interface view: a. interface interface-type interface-number b. dot1x | By default, 802.1X is disabled on a port. |
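The following added example (not part of the HPE guide) audits a saved configuration against two points of this section: a port-level dot1x needs the global dot1x from step 2, and 802.1X must not share a port with a link aggregation group. It assumes the text follows the display current-configuration layout with sections separated by # lines; the sample configuration, the port link-aggregation group line it matches, and the function name audit_dot1x are constructed for illustration.

```python
import re

# Constructed sample in the layout of "display current-configuration" output
# (assumption: sections are separated by lines containing only "#").
SAMPLE_CONFIG = """\
#
 sysname Router
#
 dot1x
#
interface GigabitEthernet0/1
 port link-mode bridge
 dot1x
#
interface GigabitEthernet0/2
 port link-mode bridge
 port link-aggregation group 1
 dot1x
#
"""

def audit_dot1x(config_text):
    """Return (globally_enabled, enabled_ports, findings) for a config dump."""
    global_on = False
    ports = {}          # interface name -> list of stripped config lines
    current = None      # interface section being read, if any
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "#":
            current = None                      # section separator
        elif raw.startswith("interface "):
            current = line.split(None, 1)[1]
            ports[current] = []
        elif current is not None:
            ports[current].append(line)
        elif line == "dot1x":
            global_on = True                    # bare "dot1x" outside any interface
    enabled = [name for name, lines in ports.items() if "dot1x" in lines]
    findings = []
    if enabled and not global_on:
        findings.append("802.1X enabled on ports but not globally: " + ", ".join(enabled))
    for name in enabled:
        if any(re.match(r"port link-aggregation group \d+", l) for l in ports[name]):
            findings.append(f"{name}: 802.1X and link aggregation group both configured")
    return global_on, enabled, findings

if __name__ == "__main__":
    print(audit_dot1x(SAMPLE_CONFIG))
```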
Enabling EAP relay or EAP termination
When configuring EAP relay or EAP termination, consider the following factors:
• The support of the RADIUS server for EAP packets
• The authentication methods supported by the 802.1X client and the RADIUS server
You can use both EAP termination and EAP relay in any of the following situations:
• The client is using only MD5-Challenge EAP authentication. If EAP termination is used, you
must enable CHAP authentication on the access device.