H3C Technologies H3C S5120 Series Switches User Manual

1-37

# Enable 802.1X globally.

[Switch] dot1x

# Enable 802.1X for port GigabitEthernet1/0/1.

[Switch] interface gigabitethernet 1/0/1

[Switch-GigabitEthernet1/0/1] dot1x

[Switch-GigabitEthernet1/0/1] quit

# Configure the access control method. (Optional Because the default setting meets the requirement.)

[Switch] dot1x port-method macbased interface gigabitethernet 1/0/1

3) Verification

z

If the 802.1X client of Windows XP is used, the properties of the 802.1X connection should be

specifically configured in the Authentication tab on the Properties page, where you must select

the Enable IEEE 802.1X authentication for this network option and specify the EAP type as

MD5-Challenge.

z

If the H3C iNode client is used, no advanced authentication options need to be enabled.

When using the H3C iNode client, the user can pass authentication after entering username

dot1x@bbb and the correct password in the client property page. When using the Windows XP 802.1X

client, the user can pass authentication after entering the correct username and password in the pop-up

authentication page. After the user passes authentication, the server assigns the port connecting the

client to VLAN 4.

Use the display connect command to view the connection information on the switch.

[Switch] display connection

Slot: 1

Index=22 , Username=dot1x@bbb

IP=192.168.1.58

MAC=0015-e9a6-7cfe

Total 1 connection(s) matched on slot 1.

Total 1 connection(s) matched.

# View the information of the specified connection on the switch.

[Switch] display connection ucibindex 22

Slot: 1

Index=22 , Username=dot1x@bbb

MAC=0015-e9a6-7cfe

IP=192.168.1.58

Access=8021X ,AuthMethod=CHAP

Port Type=Ethernet,Port Name=GigabitEthernet1/0/1

Initial VLAN=2, Authorization VLAN=4

ACL Group=Disable

User Profile=N/A

CAR=Disable

Priority=Disable

Start=2009-04-26 19:41:12 ,Current=2009-04-26 19:41:25 ,Online=00h00m14s