beautypg.com

Enabling eap relay or eap termination – H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 130

background image

116

Task Remarks

Enable port security to enable 802.1X

Required.
Disabled by default.
802.1X must work with the port

security feature to function on a
WLAN port.

Enabling EAP relay or EAP termination

Optional.

Setting the maximum number of concurrent 802.1X users on a port

Optional.

Setting the maximum number of authentication request attempts

Optional.

Setting the 802.1X authentication timeout timers

Optional.

Configuring the online user handshake function

Optional.

Configuring the authentication trigger function

Optional.

Specifying a mandatory authentication domain on a port

Optional.

Configuring the quiet timer

Optional.

Enabling the periodic online user re-authentication function

Optional.

Configuring an 802.1X guest VLAN

Optional.

Configuring an Auth-Fail VLAN

Optional.

Specifying supported domain name delimiters

Optional.

Configuring the accounting delay feature

Optional.

Enabling EAP relay or EAP termination

When configuring EAP relay or EAP termination, consider the following factors:

The support of the RADIUS server for EAP packets

The authentication methods supported by the 802.1X client and the RADIUS server

If the client is using only MD5-Challenge EAP authentication or the "username + password" EAP
authentication initiated by an H3C iNode 802.1X client, you can use both EAP termination and EAP relay.

To use EAP-TL, PEAP, or any other EAP authentication methods, you must use EAP relay. When you make

your decision, see "

A comparison of EAP relay and EAP termination

" for help.

For more information about EAP relay and EAP termination, see "

802.1X authentication procedures

."

To configure EAP relay or EAP termination:

Step Command

Remarks

1.

Enter system view.

system-view

N/A