H3C Technologies H3C S5120 Series Switches User Manual

i

Table of Contents

1 802.1X Configuration·································································································································1-1

802.1X Overview·····································································································································1-1

Architecture of 802.1X ·····················································································································1-1

Authentication Modes of 802.1X ·····································································································1-2

Basic Concepts of 802.1X ···············································································································1-2

EAP over LAN ·································································································································1-3

EAP over RADIUS···························································································································1-5

802.1X Authentication Triggering ····································································································1-5

Authentication Process of 802.1X ···································································································1-6

802.1X Access Control Method·······································································································1-9

802.1X Timers ·································································································································1-9

Features Working Together with 802.1X·······················································································1-10

802.1X Configuration Task List·············································································································1-12

802.1X Basic Configuration ··················································································································1-13

Configuration Prerequisites ···········································································································1-13

Configuring 802.1X Globally··········································································································1-13

Configuring 802.1X for a Port········································································································1-14

Enabling the Online User Handshake Function····················································································1-15

Enabling the Multicast Trigger Function································································································1-16

Specifying a Mandatory Authentication Domain for a Port ···································································1-16

Enabling the Quiet Timer ······················································································································1-16

Enabling the Re-Authentication Function······························································································1-17

Configuring a Guest VLAN····················································································································1-17

Configuring an Auth-Fail VLAN·············································································································1-18

Displaying and Maintaining 802.1X·······································································································1-19

802.1X Configuration Example ·············································································································1-19

Guest VLAN and VLAN Assignment Configuration Example ·······························································1-22

ACL Assignment Configuration Example······························································································1-24