beautypg.com

H3C Technologies H3C MSR 50 User Manual

Page 90

background image

69

Table 44 Configuration items

Item Description

Port Mode

userlogin-secure—Perform port-based 802.1X authentication for access
users. In this mode, multiple 802.1X authenticated users can access the

port, but only one user can be online.

userlogin-secure-ext—Perform MAC-based 802.1X authentication for

access users. In this mode, the port supports multiple 802.1X users.

Max User

Control the maximum number of users allowed to access the network through
the port.

Mandatory Domain

Select an existing domain from the list.
The default domain is system. To create a domain, select Authentication >
AAA from the navigation tree, click the Domain Setup tab, and type a new

domain name in the Domain Name combo box.

The selected domain name applies to only the current wireless service,

and all clients accessing the wireless service use this domain for

authentication, authorization, and accounting.

Do not delete a domain name in use. Otherwise, the clients that access the

wireless service will be logged out.

Authentication Method

EAP—Use EAP. With EAP authentication, the authenticator encapsulates

802.1X user information in the EAP attributes of RADIUS packets and
sends the packets to the RADIUS server for authentication; it does not need

to repackage the EAP packets into standard RADIUS packets for

authentication.

CHAP—Use CHAP. By default, CHAP is used. CHAP transmits only user

names rather than passwords over the network. Therefore this method is

safer.

PAP—Use PAP. PAP transmits passwords in plain text.

Handshake

Enable—Enable the online user handshake function so that the device can

periodically send handshake messages to a user to check whether the user

is online. By default, the function is enabled.

Disable—Disable the online user handshake function.

Multicast Trigger

Enable—Enable the multicast trigger function of 802.1X to send multicast

trigger messages to the clients periodically for initiating authentication. By

default, the multicast trigger function is enabled.

Disable—Disable the 802.1X multicast trigger function.

IMPORTANT:

For a WLAN, the clients can actively initiate authentication, or the AP can

discover users and trigger authentication. Therefore, the ports do not need to

send 802.1X multicast trigger messages periodically for initiating
authentication. H3C recommends that you disable the multicast trigger function

in a WLAN because the multicast trigger messages consume bandwidth.

5.

Configure the other four port security modes:

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: