H3C Technologies H3C WX6000 Series Access Controllers User Manual
Page 269
31-15
Item
Description
Authentication
Method
EAP: Use the Extensible Authentication Protocol (EAP). With EAP authentication,
the authenticator encapsulates 802.1X user information in the EAP attributes of
RADIUS packets and sends the packets to the RADIUS server for authentication; it
does not need to repackage the EAP packets into standard RADIUS packets for
authentication.
CHAP: Use the Challenge Handshake Authentication Protocol (CHAP). By default,
CHAP is used. CHAP transmits only user names rather than passwords over the
network. Therefore this method is safer.
PAP: Use the Password Authentication Protocol (PAP). PAP transmits passwords in
plain text.
Handshake
Enable: Enable the online user handshake function so that the device can
periodically send handshake messages to a user to check whether the user is
online. By default, the function is enabled.
Disable: Disable the online user handshake function.
Multicast Trigger
Enable: Enable the multicast trigger function of 802.1X to send multicast trigger
messages to the clients periodically for initiating authentication. By default, the
multicast trigger function is enabled.
Disable: Disable the 802.1X multicast trigger function.
For a WLAN, the clients can actively initiate authentication, or the AP can discover
users and trigger authentication. Therefore, the ports do not need to send 802.1X
multicast trigger messages for initiating authentication periodically. You are
recommended to disable the multicast trigger function in a WLAN because the multicast
trigger messages consume bandwidth.
3) Configuring the other four port security modes
Figure 31-16 Port security configuration page for the other four security modes
(mac-else-userlogin-secure is taken for example)
shows the configuration items of the other four security modes.