1x basic configuration, Configuration prerequisites, Configuring 802.1x globally – H3C Technologies H3C S5120 Series Switches User Manual
Page 391
1-13
Task
Remarks
Optional
Enabling the Re-Authentication Function
Optional
Optional
Optional
802.1X Basic Configuration
Configuration Prerequisites
802.1X provides a method for implementing user identity authentication. However, 802.1X cannot
implement the authentication scheme solely by itself. RADIUS or local authentication must be
configured to work with 802.1X.
z
Configure the ISP domain to which the 802.1X user belongs and the AAA scheme to be used (that
is, local authentication or RADIUS).
z
For remote RADIUS authentication, the username and password information must be configured
on the RADIUS server.
z
For local authentication, the username and password information must be configured on the device
and the service type must be set to lan-access.
For detailed configuration of the RADIUS client, refer to AAA Configuration.
Configuring 802.1X Globally
Follow these steps to configure 802.1X globally:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enable 802.1X globally
dot1x
Required
Disabled by default
Specify the authentication
method
dot1x authentication-method
{ chap | eap | pap }
Optional
CHAP by default
Specify the port authorization
mode for specified or all ports
dot1x port-control
{ authorized-force | auto |
unauthorized-force }
[ interface interface-list ]
Optional
auto by default
Specify the port access control
method for specified or all ports
dot1x port-method
{ macbased | portbased }
[ interface interface-list ]
Optional
macbased by default
Set the maximum number of
users for specified or all ports
dot1x max-user user-number
[ interface interface-list ]
Optional
256 by default