Configuration Guide                                                                                                Configuring 802.1X 
 
 
0023aeaa4286. 
  The user fails to ping 192.168.32.120 before authentication. 
  The user connects to the NAS, the authentication succeeds, and the user can successfully ping 
192.168.32.120. 
  Information of the authenticated user is displayed. 
ruijie# show dot1x summary 
ID        Username   MAC             Interface VLAN Auth-State      Backend-State Port-Status User-Type Time
--------- ---------- -------------- --------- ---- --------------- ------------- ----------- --------- ------------------
16778217  0023aea...  0023.aeaa.4286  wlan 1    2    Authenticated   Idle          Authed      static    0days 0h 5m 8s
   
Common Errors 
  The MAC account format is incorrect on the authentication server. 
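
The verification step above can be scripted. The following is an added example, not part of the original guide or of Ruijie's software: it parses captured `show dot1x summary` output, re-joins rows the terminal wrapped, and checks that the session is online and that the username is the client MAC in the account format shown on this page. The column layout is assumed from the single sample on this page, and the function names are hypothetical.

```python
import re

# Constructed sample: the 'show dot1x summary' output from this page, wrapped
# the way a narrow terminal wraps it.
SAMPLE = """\
ID        Username   MAC             Interface VLAN Auth-State      Backend-State
Port-Status User-Type Time
--------- ---------- -------------- --------- ---- --------------- -------------
----------- --------- ------------------
16778217  0023aea...  0023.aeaa.4286  wlan 1    2    Authenticated   Idle          Authed
static    0days 0h 5m 8s
"""

# Assumed layout: the interface may contain a space ("wlan 1"); the trailing
# uptime field anchors the match so the columns in between line up correctly.
ROW = re.compile(
    r"^(?P<id>\d+)\s+(?P<username>\S+)\s+"
    r"(?P<mac>(?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+"
    r"(?P<interface>.+?)\s+(?P<vlan>\d+)\s+(?P<auth_state>\S+)\s+"
    r"(?P<backend_state>\S+)\s+(?P<port_status>\S+)\s+(?P<user_type>\S+)\s+"
    r"(?P<days>\d+)days (?P<h>\d+)h (?P<m>\d+)m (?P<s>\d+)s$",
    re.IGNORECASE,
)
ROW_START = re.compile(r"^\d+\s+\S+\s+(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}\b", re.I)

def parse_dot1x_summary(text):
    """Return one dict per session, re-joining rows the terminal wrapped."""
    rows, pending = [], None
    for line in (l.strip() for l in text.splitlines()):
        if ROW_START.match(line):
            pending = line                  # a new session row begins
        elif pending and line:
            pending += " " + line           # continuation of a wrapped row
        m = ROW.match(pending or "")
        if m:
            row = m.groupdict()
            d, h, mi, s = (int(row.pop(k)) for k in ("days", "h", "m", "s"))
            row["uptime_s"] = ((d * 24 + h) * 60 + mi) * 60 + s
            rows.append(row)
            pending = None
    return rows

def is_mac_account(row):
    """True if the username is the client MAC as 12 hex digits (CLI may truncate with '...')."""
    mac = row["mac"].replace(".", "").lower()
    user = row["username"].lower()
    return mac.startswith(user[:-3]) if user.endswith("...") else user == mac

def is_online(row):
    """True if the session shows the states seen after successful authentication."""
    return row["auth_state"] == "Authenticated" and row["port_status"] == "Authed"
```

A row where `is_online` is true but `is_mac_account` is false indicates the session authenticated under a username other than the client MAC.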
4.4.4  Configuring Extended Functions 
Configuration Effect 
  The multi-account function allows a user to switch accounts upon re-authentication. In special scenarios such as
Windows domain authentication, multiple authentications are required to access the domain and the user account
changes during authentication. This function applies to these scenarios.
  802.1X allows users to obtain IP addresses before accounting. In this manner, the IP address is carried during user 
accounting, meeting service requirements. After a user is authenticated and goes online, the NAS can obtain the IP 
address of the user from the supplicant or through DHCP snooping, and then the 802.1X server initiates an accounting
request. To avoid the case in which the NAS does not initiate accounting for a long time due to failure to obtain the IP 
address of the authentication client, configure the IP detection timeout for this function. If the NAS does not obtain the 
IP address of the user within the configured time (5 minutes by default), it forces the user offline. 
  802.1X allows users to switch to the preset bypass WLAN when the RADIUS server is inaccessible. Survival WLANs 
are generally in OPEN mode and their services are unavailable by default. If 802.1X-based WLAN services are
unavailable, enable this WLAN and disable WLAN-based 802.1X authentication so that users can switch to the bypass 
WLAN to properly access the network. 
  802.1X can be used with Web authentication. If Web authentication is enabled on an 802.1X-enabled WLAN, users 
perform 802.1X authentication only for encryption purposes. To access the network, they should also perform Web 
authentication. In this case, all air interface data of users is encrypted, enhancing security of user data. 
  802.1X prints syslog messages when users go online or offline. You can adjust the rate of these messages
based on the user authentication rate to prevent high CPU utilization caused by frequent syslog printing when a large
number of users go online or offline.