1x basic configuration, Configuration prerequisites, Configuring 802.1x globally – H3C Technologies H3C S5120 Series Switches User Manual

1-13

Task

Remarks

Enabling the Quiet Timer

Optional

Enabling the Re-Authentication Function

Optional

Configuring a Guest VLAN

Optional

Configuring an Auth-Fail VLAN

Optional

802.1X Basic Configuration

Configuration Prerequisites

802.1X provides a method for implementing user identity authentication. However, 802.1X cannot

implement the authentication scheme solely by itself. RADIUS or local authentication must be

configured to work with 802.1X.

z

Configure the ISP domain to which the 802.1X user belongs and the AAA scheme to be used (that

is, local authentication or RADIUS).

z

For remote RADIUS authentication, the username and password information must be configured

on the RADIUS server.

z

For local authentication, the username and password information must be configured on the device

and the service type must be set to lan-access.

For detailed configuration of the RADIUS client, refer to AAA Configuration.

Configuring 802.1X Globally

Follow these steps to configure 802.1X globally:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enable 802.1X globally

dot1x

Required

Disabled by default

Specify the authentication
method

dot1x authentication-method
{ chap | eap | pap }

Optional

CHAP by default

Specify the port authorization
mode for specified or all ports

dot1x port-control
{ authorized-force | auto |
unauthorized-force }
[ interface interface-list ]

Optional

auto by default

Specify the port access control
method for specified or all ports

dot1x port-method
{ macbased | portbased }
[ interface interface-list ]

Optional

macbased by default

Set the maximum number of
users for specified or all ports

dot1x max-user user-number
[ interface interface-list ]

Optional

256 by default