beautypg.com

Acl assignment, 1x configuration, Configuration prerequisites – H3C Technologies H3C S7500E Series Switches User Manual

Page 102: 1x configuration task list

background image

5-12

z

MAFV refers to the Auth-Fail VLAN configured on a port that uses the MAC-based access

control method. With MAFV configured on a port, if a user on the port fails authentication,

the user will be authorized to access the resources in the Auth-Fail VLAN. If the user

initiates authentication again and passes the authentication, the device will add the user to

the assigned VLAN or return the user to the initial VLAN of the port, depending on whether

the authentication server assigns a VLAN.

ACL assignment

ACLs provide a way of controlling access to network resources and defining access rights.

When a user logs on through a port, and the RADIUS server is configured with authorization

ACLs, the device will permit or deny data flows traversing through the port according to the

authorization ACLs. Before specifying authorization ACLs on the server, you need to configure

the ACL rules on the device. You can change the access rights of users by modifying

authorization ACL settings on the RADIUS server or changing the corresponding ACL rules on

the device.

802.1X Configuration

Configuration Prerequisites

802.1X provides a method for implementing user identity authentication. However, 802.1X

cannot implement the authentication scheme solely by itself. RADIUS or local authentication

must be configured to work with 802.1X.

z

Configure the ISP domain to which the 802.1X user belongs and the AAA scheme to be

used (that is, local authentication or RADIUS).

z

For remote RADIUS authentication, the username and password information must be

configured on the RADIUS server.

z

For local authentication, the username and password information must be configured on

the device and the service type must be set to lan-access.

For more information about the RADIUS client configuration, see AAA Configuration in the

Security Configuration Guide.

802.1X Configuration Task List

Complete the following tasks to configure 802.1X:

Task

Remarks

Enabling 802.1X on a Port

Required

Specifying the Authentication Method of 802.1X Users

Optional

Specifying the Port Authorization Mode

Optional

Specifying the Access Control Method

Optional

Configuring the Maximum Number of Users Accessible to a Port

Optional

Setting the Maximum Number of Attempts for Sending an

Authentication Request

Optional

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: