H3C Technologies H3C WX3000E Series Wireless Switches User Manual

345

Figure 334 Configuring userlogin-secure/userlogin-secure-ext port security (userlogin-secure

is taken for example)

Table 124 Configuration items

Item Description

Port Mode

•

userlogin-secure—Perform MAC-based 802.1X authentication for access

users. In this mode, multiple 802.1X authenticated users can access the

port, but only one user can be online.

•

userlogin-secure-ext—Perform MAC-based 802.1X authentication for

access users. In this mode, the port supports multiple 802.1X users.

Max User

Control the maximum number of users allowed to access the network through
the port.

Mandatory Domain

Select an existing domain from the list.
The default domain is system. To create a domain, select Authentication >
AAA from the navigation tree, click the Domain Setup tab, and enter a new

domain name in the Domain Name field.

•

The selected domain name applies to only the current wireless service,

and all clients accessing the wireless service use this domain for

authentication, authorization, and accounting.

•

Do not delete a domain name in use. Otherwise, the clients that access

the wireless service will be logged out.

Authentication
Method

•

EAP—Use the Extensible Authentication Protocol (EAP). With EAP
authentication, the authenticator encapsulates 802.1X user information in

the EAP attributes of RADIUS packets and sends the packets to the

RADIUS server for authentication. It is not required to repackage the EAP

packets into standard RADIUS packets for authentication.

•

CHAP—Use the Challenge Handshake Authentication Protocol (CHAP).

By default, CHAP is used. CHAP transmits usernames in simple text and

passwords in cipher text over the network. This method is safer than the
other two methods.

•

PAP—Use the Password Authentication Protocol (PAP). PAP transmits
passwords in plain text.