Configuring 802.1x, H3c implementation of 802.1x, Configuration prerequisites – H3C Technologies H3C S6300 Series Switches User Manual
Page 85: 1x configuration task list
70
Configuring 802.1X
This chapter describes how to configure 802.1X on an H3C device. You can also configure the port
security feature to perform 802.1X. Port security combines and extends 802.1X and MAC authentication.
It applies to a network that requires different authentication methods for different users on a port. It is
described in "
."
H3C implementation of 802.1X
H3C implements port-based access control as defined in the 802.1X protocol, and extends the protocol
to support MAC-based access control.
•
Port-based access control—Once an 802.1X user passes authentication on a port, any subsequent
user can access the network through the port without authentication. When the authenticated user
logs off, all other users are logged off.
•
MAC-based access control—Each user is separately authenticated on a port. When a user logs off,
no other online users are affected.
Configuration prerequisites
•
Configure an ISP domain and AAA scheme (local or RADIUS authentication) for 802.1X users.
•
If RADIUS authentication is used, create user accounts on the RADIUS server.
•
If local authentication is used, create local user accounts on the access device and set the service
type to lan-access.
For more information about RADIUS client configuration, see "
."
802.1X configuration task list
Tasks at a glance
Enabling EAP relay or EAP termination
(Optional.)
Setting the port authorization state
(Optional.)
Specifying an access control method
(Optional.)
Setting the maximum number of concurrent 802.1X users on a port
(Optional.)
Setting the maximum number of authentication request attempts
(Optional.)
Setting the 802.1X authentication timeout timers
(Optional.)
Configuring the online user handshake function
(Optional.)
Configuring the authentication trigger function
(Optional.)
Specifying a mandatory authentication domain on a port