Table 44 Configuration items
Item Description
Port Mode
• userlogin-secure—Perform port-based 802.1X authentication for
access users. In this mode, multiple 802.1X authenticated users can
access the port, but only one user can be online.
• userlogin-secure-ext—Perform MAC-based 802.1X authentication
for access users. In this mode, the port supports multiple 802.1X
users.
Max User
Control the maximum number of users allowed to access the network
through the port.
Mandatory Domain
Select an existing domain from the list.
The default domain is system. To create a domain, select Authentication > AAA from the navigation tree, click the Domain Setup tab, and type a new domain name in the Domain Name combo box.
• The selected domain name applies only to the current wireless
service, and all clients accessing the wireless service use this domain
for authentication, authorization, and accounting.
• Do not delete a domain name in use. Otherwise, the clients that
access the wireless service will be logged out.
Authentication Method
• EAP—Use EAP. With EAP authentication, the authenticator
encapsulates 802.1X user information in the EAP attributes of
RADIUS packets and sends the packets to the RADIUS server for
authentication; it does not need to repackage the EAP packets into
standard RADIUS packets for authentication.
• CHAP—Use CHAP. By default, CHAP is used. CHAP transmits only
user names, not passwords, over the network, so this method is
safer.
• PAP—Use PAP. PAP transmits passwords in plain text.
Handshake
• Enable—Enable the online user handshake function so that the
device can periodically send handshake messages to a user to check
whether the user is online. By default, the function is enabled.
• Disable—Disable the online user handshake function.
Multicast Trigger
• Enable—Enable the multicast trigger function of 802.1X to send
multicast trigger messages to the clients periodically for initiating
authentication. By default, the multicast trigger function is enabled.
• Disable—Disable the 802.1X multicast trigger function.
IMPORTANT:
For a WLAN, the clients can actively initiate authentication, or the AP can
discover users and trigger authentication. Therefore, the ports do not need
to send 802.1X multicast trigger messages periodically for initiating
authentication. H3C recommends that you disable the multicast trigger
function in a WLAN because the multicast trigger messages consume
bandwidth.
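The difference between the CHAP and PAP options in the Authentication Method row, shown as an added example (not H3C code): it builds a PAP Authenticate-Request body (RFC 1334) and a CHAP response (RFC 1994) for the same credentials and checks what each exposes. The user name, password, and function names are constructed for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample credentials (not from the manual).
USER = b"alice"
PASSWORD = b"constructed-pw"


def pap_payload(username: bytes, password: bytes) -> bytes:
    """PAP Authenticate-Request data: length-prefixed peer ID and password."""
    return bytes([len(username)]) + username + bytes([len(password)]) + password


def new_challenge(identifier: int) -> tuple[int, bytes]:
    """Authenticator side: a fresh random challenge for each attempt."""
    return identifier & 0xFF, os.urandom(16)


def chap_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """Client side: MD5(Identifier || secret || Challenge) per RFC 1994."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()


def chap_verify(identifier: int, challenge: bytes, response: bytes,
                stored_password: bytes) -> bool:
    """Server side: recompute the response and compare in constant time."""
    expected = chap_response(identifier, stored_password, challenge)
    return hmac.compare_digest(expected, response)


def demo() -> dict:
    """Run one PAP and one CHAP exchange and report what each exposes."""
    pap = pap_payload(USER, PASSWORD)
    ident, challenge = new_challenge(1)
    response = chap_response(ident, PASSWORD, challenge)
    _, next_challenge = new_challenge(2)
    return {
        "pap_exposes_password": PASSWORD in pap,
        "chap_exposes_password": PASSWORD in (USER + challenge + response),
        "chap_accepts_valid": chap_verify(ident, challenge, response, PASSWORD),
        # A response recorded earlier does not match a new challenge.
        "chap_accepts_replay": chap_verify(2, next_challenge, response, PASSWORD),
    }


if __name__ == "__main__":
    print(demo())
```

The CHAP response is still an MD5 digest over a known challenge, so password strength continues to matter when this method is selected.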
5. Configure the other four port security modes: