beautypg.com

H3C Technologies H3C WX3000E Series Wireless Switches User Manual

Page 8

background image

ii

Initiating 802.1X authentication ································································································································· 107

 

802.1X client as the initiator······························································································································ 107

 

Access device as the initiator ····························································································································· 107

 

802.1X authentication procedures ···························································································································· 108

 

A comparison of EAP relay and EAP termination ···························································································· 109

 

EAP relay ······························································································································································ 109

 

EAP termination ··················································································································································· 111

 

Configuring 802.1X ··············································································································································· 113

 

H3C implementation of 802.1X ································································································································· 113

 

Access control methods ······································································································································ 113

 

Using 802.1X authentication with other features ···························································································· 113

 

Configuration prerequisites ········································································································································· 115

 

802.1X configuration task list ····································································································································· 115

 

Enabling EAP relay or EAP termination ····················································································································· 116

 

Setting the maximum number of concurrent 802.1X users on a port ····································································· 117

 

Setting the maximum number of authentication request attempts ··········································································· 117

 

Setting the 802.1X authentication timeout timers ····································································································· 118

 

Configuring the online user handshake function ······································································································ 118

 

Configuration guidelines ···································································································································· 119

 

Configuration procedure ···································································································································· 119

 

Configuring the authentication trigger function ········································································································ 119

 

Configuration guidelines ···································································································································· 119

 

Configuration procedure ···································································································································· 120

 

Specifying a mandatory authentication domain on a port ······················································································ 120

 

Configuring the quiet timer ········································································································································· 121

 

Enabling the periodic online user re-authentication function ··················································································· 121

 

Configuring an 802.1X guest VLAN ························································································································· 122

 

Configuration guidelines ···································································································································· 122

 

Configuration prerequisites ································································································································ 122

 

Configuration procedure ···································································································································· 122

 

Configuring an Auth-Fail VLAN ·································································································································· 123

 

Configuration guidelines ···································································································································· 123

 

Configuration prerequisites ································································································································ 123

 

Configuration procedure ···································································································································· 123

 

Specifying supported domain name delimiters ········································································································· 124

 

Configuring the accounting delay feature ················································································································· 124

 

Displaying and maintaining 802.1X ························································································································· 125

 

802.1X authentication configuration example ········································································································· 125

 

Network requirements ········································································································································· 125

 

Configuration procedure ···································································································································· 126

 

Verifying the configuration ································································································································· 129

 

802.1X with ACL assignment configuration example ····························································································· 129

 

Network requirements ········································································································································· 129

 

Configuration procedure ···································································································································· 129

 

Verifying the configuration ································································································································· 131

 

Configuring MAC authentication ··························································································································· 132

 

Overview ······································································································································································· 132

 

User account policies ·········································································································································· 132

 

Authentication approaches ································································································································ 132

 

MAC authentication timers ································································································································· 133

 

Using MAC authentication with other features ········································································································· 133

 

VLAN assignment ················································································································································ 133

 

ACL assignment ··················································································································································· 133