Configuration Guide 581
Configuring Network Security 802.1X Configuration
Step 2 dot1x system-auth-control
Enable 802.1X authentication globally.
Step 3 dot1x auth-method { pap | eap }
Configure the 802.1X authentication method.
pap
:
Specify the
authentication method as PAP. If this option is selected, the 802.1X
authentication system uses EAP (Extensible Authentication Protocol) packets to
exchange information between the switch and the client. The transmission of EAP
packets is terminated at the switch and the EAP packets are converted to other
protocol (such as RADIUS) packets, and transmitted to the authentication server.
eap: Specify the
authentication method as EAP. If this option is selected, the 802.1X
authentication system uses EAP packets to exchange information between the
switch and the client. The EAP packets with authentication data are encapsulated
in the advanced protocol (such as RADIUS) packets, and transmitted to the
authentication server.
Step 4 dot1x guest-vlan
vid
(Optional) Enable guest VLAN globally.
vid
:
Specify the ID of the VLAN to be configured as the guest VLAN. It must be an
existing VLAN with the ID ranging from 2 to 4094. Clients in the guest VLAN can only
access resources from specific VLANs.
Step 5 dot1x quiet-period [time]
(Optional) Enable the quiet feature for 802.1X authentication and configure the quiet
period.
time: Set a value between 1 and 999 seconds for the quiet period. It is 10 seconds by
default. The quiet period starts after the authentication fails. During the quiet period,
the switch does not process authentication requests from the same client.
Step 6 dot1x timeout supplicant-timeout
time
Configure the supplicant timeout period.
time
:
Specify the maximum time for which the switch waits for response from the
client. It ranges from 1 to 9 seconds and the default time is 3 seconds. If the switch
does not receive any reply from the client within the specified time, it will resend the
request.
Step 7 dot1x max-reauth-req
times
Specify the maximum number of attempts to send the authentication packet for the
client.
times:
The maximum attempts for the client to send the authentication packet. It
ranges from 1 to 9 and the default is 3.
Step 8 show dot1x global
(Optional) Verify global configurations of 802.1X.
To Next Page
Loading...
