H3C Technologies H3C S12500-X Series Switches User Manual
Page 7
ii
802.1X overview ······················································································································································· 61
802.1X architecture ······················································································································································· 61
Controlled/uncontrolled port and port authorization status ······················································································ 61
802.1X-related protocols ·············································································································································· 62
Packet formats ························································································································································ 63
EAP over RADIUS ·················································································································································· 64
Initiating 802.1X authentication ··································································································································· 64
802.1X client as the initiator································································································································ 64
Access device as the initiator ······························································································································· 65
802.1X authentication procedures ······························································································································ 65
Comparing EAP relay and EAP termination ······································································································· 66
EAP relay ································································································································································ 66
EAP termination ····················································································································································· 68
Configuring 802.1X ·················································································································································· 70
H3C implementation of 802.1X ··································································································································· 70
Configuration prerequisites ··········································································································································· 70
802.1X configuration task list ······································································································································· 70
Enabling 802.1X ···························································································································································· 71
Enabling EAP relay or EAP termination ······················································································································· 71
Setting the port authorization state ······························································································································ 72
Specifying an access control method ·························································································································· 72
Setting the maximum number of concurrent 802.1X users on a port ······································································· 72
Setting the maximum number of authentication request attempts ············································································· 73
Setting the 802.1X authentication timeout timers ······································································································· 73
Configuring the online user handshake function ········································································································ 74
Configuring the authentication trigger function ·········································································································· 74
Configuration guidelines ······································································································································ 75
Configuration procedure ······································································································································ 75
Specifying a mandatory authentication domain on a port ························································································ 75
Configuring the quiet timer ··········································································································································· 76
Enabling the periodic online user re-authentication function ····················································································· 76
Displaying and maintaining 802.1X ··························································································································· 76
802.1X authentication configuration example ··········································································································· 77
Network requirements ··········································································································································· 77
Configuration procedure ······································································································································ 77
Verifying the configuration ··································································································································· 79
Configuring MAC authentication ······························································································································ 80
Overview ········································································································································································· 80
User account policies ············································································································································ 80
Authentication methods········································································································································· 80
Configuration prerequisites ··········································································································································· 81
Configuration task list ···················································································································································· 81
Enabling MAC authentication ······································································································································ 81
Specifying a MAC authentication domain ·················································································································· 82
Configuring the user account format ···························································································································· 82
Configuring MAC authentication timers ······················································································································ 83
Setting the maximum number of concurrent MAC authentication users on a port ·················································· 83
Configuring MAC authentication delay ······················································································································· 84
Displaying and maintaining MAC authentication ······································································································ 84
MAC authentication configuration examples ·············································································································· 85
Local MAC authentication configuration example····························································································· 85
RADIUS-based MAC authentication configuration example············································································· 86
- H3C S5560 Series Switches H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C WX3000 Series Unified Switches H3C LSWM1WCM10 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C S9800 Series Switches H3C S5130 Series Switches H3C S5120 Series Switches