Basic 802.1x configuration, Configuration prerequisites, Configuring basic 802.1x functions – H3C Technologies H3C S3600 Series Switches User Manual

1-13

Basic 802.1x Configuration

Configuration Prerequisites

z

Configure ISP domain and the AAA scheme to be adopted. You can specify a RADIUS scheme or

a local scheme.

z

Ensure that the service type is configured as lan-access (by using the service-type command) if

local authentication scheme is adopted.

Configuring Basic 802.1x Functions

Follow these steps to configure basic 802.1x functions:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enable 802.1x globally

dot1x

Required

By default, 802.1x is disabled
globally.

In system
view

dot1x interface interface-list

interface interface-type
interface-number

dot1x

Enable
802.1x for
specified
ports

In port view

quit

Required

By default, 802.1x is disabled on all
ports.

In system
view

dot1x port-control
{ authorized-force |
unauthorized-force | auto }
[ interface interface-list ]

interface interface-type
interface-number

dot1x port-control
{ authorized-force |
unauthorized-force | auto }

Set port
access
control mode
for specified
ports

In port view

quit

Optional

By default, an 802.1x-enabled port
operates in the auto mode.

In system
view

dot1x port-method
{ macbased | portbased }
[ interface interface-list ]

interface interface-type
interface-number

dot1x port-method
{ macbased | portbased }

Set port
access
method for
specified
ports

In port view

quit

Optional

The default port access method is
MAC-address-based (that is, the
macbased keyword is used by
default).

Set authentication method
for 802.1x users

dot1x
authentication-method
{ chap | pap | eap }

Optional

By default, a switch performs CHAP
authentication in EAP terminating
mode.