H3C Technologies H3C S3100 Series Switches User Manual

Operation Manual – 802.1x

H3C S3100-52P Ethernet Switch

Chapter 1 802.1x Configuration

1-14

Operation

Command

Description

Use the following command

in system view:
dot1x

[ interface

interface-list

]

Enable 802.1x for

specified ports

Use the following command

in port view:
dot1x

Required
By default, 802.1x is disabled

on all ports.

Set port access

control mode for

specified ports

dot1x

port-control

{

authorized-force

|

unauthorized-force

| auto }

[ interface interface-list ]

Optional
By default, an 802.1x-enabled

port operates in the auto

mode.

Set port access

method for

specified ports

dot1x

port

-method

{ macbased | portbased }

[ interface interface-list ]

Optional
The default port access

method is

MAC-address-based (that is,

the macbased keyword is

used by default).

Set authentication

method for 802.1x

users

dot1x

authentication-method

{ chap | pap | eap }

Optional
By default, a switch performs

CHAP authentication in EAP

terminating mode.

Caution:

z

802.1x-related configurations can all be performed in system view. Port access
control mode and port access method can also be configured in port view.

z

If you perform a configuration in system view and do not specify the interface-list
argument, the configuration applies to all ports. Configurations performed in
Ethernet port view apply to the current Ethernet port only. In this case, the
interface-list

argument is not needed.

z

802.1x configurations take effect only after you enable 802.1x both globally and for
specified ports.

z

When a device operates as an authentication server, its authentication method for
802.1x users cannot be configured as EAP.