H3C Technologies H3C WX3000E Series Wireless Switches User Manual

239

Table 94 Configuration items

Item Description

Port Mode

•

mac-else-userlogin-secure—This mode is the combination of
the mac-authentication and userlogin-secure modes, with MAC

authentication having a higher priority. Upon receiving a
non-802.1X frame, a port in this mode performs only MAC

authentication; upon receiving an 802.1X frame, the port

performs MAC authentication and then, if MAC authentication

fails, 802.1X authentication.

•

mac-else-userlogin-secure-ext—This mode is similar to the

mac-else-userlogin-secure mode, except that it supports multiple

802.1X and MAC authentication users on the port.

•

userlogin-secure-or-mac—This mode is the combination of the

userlogin-secure and mac-authentication modes, with 802.1X
authentication having a higher priority. For a wireless user,

802.1X authentication is performed first. If 802.1X

authentication fails, MAC authentication is performed.

•

userlogin-secure-or-mac-ext—This mode is similar to the

userlogin-secure-or-mac mode, except that it supports multiple

802.1X and MAC authentication users on the port.

Select Wireless Service > Access Service from the navigation tree,

click MAC Authentication List, and enter the MAC address of the
client.

Max User

Control the maximum number of users allowed to access the
network through the port.

Mandatory Domain

Select an existing domain from the list. After a mandatory domain
is configured, all 802.1X users accessing the port are forced to use

the mandatory domain for authentication, authorization, and

accounting.
The default domain is system. To create a domain, select
Authentication > AAA from the navigation tree, click the Domain

Setup tab, and enter a new domain name in the Domain Name

field.

Authentication Method

•

EAP—Use the Extensible Authentication Protocol (EAP). With
EAP authentication, the authenticator encapsulates 802.1X user

information in the EAP attributes of RADIUS packets and sends

the packets to the RADIUS server for authentication; it does not
need to repackage the EAP packets into standard RADIUS

packets for authentication.

•

CHAP—Use the Challenge Handshake Authentication Protocol

(CHAP). By default, CHAP is used. CHAP transmits usernames

in simple text and passwords in cipher text over the network.

Therefore this method is safer.

•

PAP—Use the Password Authentication Protocol (PAP). PAP

transmits passwords in plain text.

Handshake

•

Enable—Enable the online user handshake function so that the

device can periodically send handshake messages to a user to
check whether the user is online. By default, the function is

enabled.

•

Disable—Disable the online user handshake function.