H3C Technologies H3C WA3600 Series Access Points User Manual

275

Table 101 Configuration items

Item Description

Port Mode

•

mac-else-userlogin-secure—This mode is the combination of the
mac-authentication and userlogin-secure modes, with MAC authentication

having a higher priority. Upon receiving a non-802.1X frame, a port in this
mode performs only MAC authentication; upon receiving an 802.1X

frame, the port performs MAC authentication and then, if MAC

authentication fails, 802.1X authentication.

•

mac-else-userlogin-secure-ext—This mode is similar to the

mac-else-userlogin-secure mode, except that it supports multiple 802.1X

and MAC authentication users on the port.

•

userlogin-secure-or-mac—This mode is the combination of the

userlogin-secure and mac-authentication modes, with 802.1X

authentication having a higher priority. For a wireless user, 802.1X
authentication is performed first. If 802.1X authentication fails, MAC

authentication is performed.

•

userlogin-secure-or-mac-ext—This mode is similar to the
userlogin-secure-or-mac mode, except that it supports multiple 802.1X and

MAC authentication users on the port.

Select Wireless Service > Access Service from the navigation tree, and click

MAC Authentication List to enter the page for configuring a MAC

authentication list. On the page, enter the MAC address of the client.

Max User

Control the maximum number of users allowed to access the network through
the port.

Mandatory Domain

Select an existing domain from the drop-down list. After a mandatory domain
is configured, all 802.1X users accessing the port are forced to use the
mandatory domain for authentication, authorization, and accounting.
The default domain is system. To create a domain, select Authentication >
AAA from the navigation tree, click the Domain Setup tab, and enter a new

domain name in the Domain Name field.

Authentication Method

•

EAP—Use the Extensible Authentication Protocol (EAP). With EAP
authentication, the authenticator encapsulates 802.1X user information in

the EAP attributes of RADIUS packets and sends the packets to the RADIUS

server for authentication; it does not need to repackage the EAP packets
into standard RADIUS packets for authentication.

•

CHAP—Use the Challenge Handshake Authentication Protocol (CHAP).

By default, CHAP is used. CHAP transmits usernames in plain text and
passwords in cipher text over the network. Therefore this method is safer.

•

PAP—Use the Password Authentication Protocol (PAP). PAP transmits

passwords in plain text.

Handshake

•

Enable—Enable the online user handshake function so that the device can
periodically send handshake messages to a user to check whether the user

is online. By default, the function is enabled.

•

Disable—Disable the online user handshake function.