Basic 802.1x configuration, Configuration prerequisites, Configuring basic 802.1x functions – H3C Technologies H3C S3100 Series Switches User Manual

Page 379

Advertising
background image

1-14

z

802.1x users use domain names to associate with the ISP domains configured on switches

z

Configure the AAA scheme (a local authentication scheme or a RADIUS scheme) to be adopted in

the ISP domain.

z

If you specify to use a local authentication scheme, you need to configure the user names and

passwords manually on the switch. Users can pass the authentication through 802.1x client if they

provide user names and passwords that match those configured on the switch.

z

If you specify to adopt the RADIUS scheme, the supplicant systems are authenticated by a remote

RADIUS server. In this case, you need to configure user names and passwords on the RADIUS

server and perform RADIUS client-related configuration on the switches.

z

You can also specify to adopt the RADIUS authentication scheme, with a local authentication

scheme as a backup. In this case, the local authentication scheme is adopted when the RADIUS

server fails.

Refer to the AAA Operation Manual for detailed information about AAA scheme configuration.

Basic 802.1x Configuration

Configuration Prerequisites

z

Configure ISP domain and the AAA scheme to be adopted. You can specify a RADIUS scheme or

a local scheme.

z

Ensure that the service type is configured as lan-access (by using the service-type command) if

local authentication scheme is adopted.

Configuring Basic 802.1x Functions

Table 1-1 Configure basic 802.1x functions

Operation

Command

Remarks

Enter system view

system-view

Enable 802.1x globally

dot1x

Required

By default, 802.1x is disabled
globally.

In system
view

dot1x interface interface-list

interface interface-type
interface-number

dot1x

Enable
802.1x for
specified
ports

In port
view

quit

Required

By default, 802.1x is disabled on all
ports.

In system
view

dot1x port-control
{ authorized-force |
unauthorized-force | auto }
[ interface interface-list ]

interface interface-type
interface-number

Set port
access
control
mode for
specified
ports

In port
view

dot1x port-control
{ authorized-force |
unauthorized-force | auto }

Optional

By default, an 802.1x-enabled port
operates in the auto mode.

Advertising
See also other documents in the category H3C Technologies Routers: