H3C Technologies H3C WX3000E Series Wireless Switches User Manual

347

Table 125 Configuration items

Item Description

Port Mode

•

mac-else-userlogin-secure—This mode is the combination of the
mac-authentication and userlogin-secure modes. MAC

authentication has a higher priority than the userlogin-secure
mode. Upon receiving a non-802.1X frame, a port in this mode

performs only MAC authentication. When it receives an 802.1X

frame, the port performs MAC authentication and if MAC

authentication fails, the port performs 802.1X authentication.

•

mac-else-userlogin-secure-ext—This mode is similar to the

mac-else-userlogin-secure mode, except that it supports multiple

802.1X and MAC authentication users on the port.

•

userlogin-secure-or-mac—This mode is the combination of the

userlogin-secure and mac-authentication modes, with 802.1X
authentication having a higher priority. For a wireless user, 802.1X

authentication is performed first. If 802.1X authentication fails,

MAC authentication is performed.

•

userlogin-secure-or-mac-ext—This mode is similar to the

userlogin-secure-or-mac mode, except that it supports multiple

802.1X and MAC authentication users on the port.

Select Wireless Service > Access Service from the navigation tree,

click MAC Authentication List, and enter the MAC address of the
client.

Max User

Control the maximum number of users allowed to access the network
through the port.

Mandatory Domain

Select an existing domain from the list. After a mandatory domain is
configured, all 802.1X users accessing the port are forced to use the

mandatory domain for authentication, authorization, and accounting.
The default domain is system. To create a domain, select
Authentication > AAA from the navigation tree, click the Domain

Setup tab, and enter a new domain name in the Domain Name field.

Authentication Method

•

EAP—Use the Extensible Authentication Protocol (EAP). With EAP
authentication, the authenticator encapsulates 802.1X user

information in the EAP attributes of RADIUS packets and sends the

packets to the RADIUS server for authentication. It is not required to
repackage the EAP packets into standard RADIUS packets for

authentication.

•

CHAP—Use the Challenge Handshake Authentication Protocol

(CHAP). By default, CHAP is used. CHAP transmits usernames in

simple text and passwords in cipher text over the network. This

method is safer than the other two methods.

•

PAP—Use the Password Authentication Protocol (PAP). PAP

transmits passwords in plain text.

Handshake

•

Enable—Enable the online user handshake function so that the

device can periodically send handshake messages to a user to
identify whether the user is online. By default, the function is

enabled.

•

Disable—Disable the online user handshake function.