3 basic 802.1x configuration, 1 prerequisites, 2 configuring basic 802.1x functions – H3C Technologies H3C S3100 Series Switches User Manual

Operation Manual – 802.1x

H3C S3100-52P Ethernet Switch

Chapter 1 802.1x Configuration

1-13

z

802.1x users use domain names to associate with the ISP domains configured on
switches

z

Configure the AAA scheme (a local authentication scheme or the RADIUS scheme)
to be adopted in the ISP domain.

z

If you specify to adopt the RADIUS scheme, the supplicant systems are
authenticated by a remote RADIUS server. In this case, you need to configure
user names and passwords on the RADIUS server and perform RADIUS
client-related configuration on the switches.

z

If you specify to adopt a local authentication scheme, you need to configure user
names and passwords manually on the switches. Users can pass the
authentication through 802.1x client if they provide the user names and passwords
that match those configured on the switches.

z

You can also specify to adopt RADIUS authentication scheme, with a local
authentication scheme as a backup. In this case, the local authentication scheme
is adopted when the RADIUS server fails.

Refer to the AAA&RADIUS&RADIUS&HWTACACS&EAD Operation Manual for
detailed information about AAA scheme configuration.

1.3 Basic 802.1x Configuration

To utilize 802.1x features, you need to perform basic 802.1x configuration.

1.3.1 Prerequisites

z

Configure ISP domain and the AAA scheme to be adopted. You can specify a
RADIUS scheme or a local scheme.

z

Ensure that the service type is configured as lan-access (by using the
service-type

command) if local authentication scheme is adopted.

1.3.2 Configuring Basic 802.1x Functions

Table 1-1

Configure basic 802.1x functions

Operation

Command

Description

Enter system view system-view

—

Enable 802.1x

globally

dot1x

Required
By default, 802.1x is disabled

globally.