H3C Technologies H3C WA3600 Series Access Points User Manual

273

Figure 273 userlogin-secure/userlogin-secure-ext port security configuration page (userlogin-secure is

taken for example)

Table 100 Configuration items

Item Description

Port Mode

•

userlogin-secure—Perform port-based 802.1X authentication for access

users. In this mode, multiple 802.1X authenticated users can access the
port, but only one user can be online.

•

userlogin-secure-ext—Perform MAC-based 802.1X authentication for

access users. In this mode, the port supports multiple 802.1X users.

Max User

Control the maximum number of users allowed to access the network through
the port.

Mandatory Domain

Select an existing domain from the list.
The default domain is system. To create a domain, select Authentication >
AAA from the navigation tree, click the Domain Setup tab, and enter a new

domain name in the Domain Name field.

•

The selected domain name applies to only the current wireless service, and

all clients accessing the wireless service use this domain for authentication,

authorization, and accounting.

•

Do not delete a domain name in use. Otherwise, the clients that access the

wireless service are logged out.

Authentication Method

•

EAP—Use the Extensible Authentication Protocol (EAP). With EAP
authentication, the authenticator encapsulates 802.1X user information in

the EAP attributes of RADIUS packets and sends the packets to the RADIUS

server for authentication; it does not need to repackage the EAP packets
into standard RADIUS packets for authentication.

•

CHAP—Use the Challenge Handshake Authentication Protocol (CHAP). By

default, CHAP is used. CHAP transmits user names in plain text and
passwords cipher text over the network. Therefore this method is safer.

•

PAP—Use the Password Authentication Protocol (PAP). PAP transmits

passwords in plain text.