Basic 802.1x configuration, Configuration prerequisites, Configuring basic 802.1x functions – H3C Technologies H3C WX3000 Series Unified Switches User Manual

23-13

Basic 802.1x Configuration

Configuration Prerequisites

z

Configure ISP domain and the AAA scheme to be adopted. You can specify a RADIUS scheme, a
HWTACACS scheme, or a local scheme.

z

Ensure that the service type is configured as lan-access (by using the service-type command) if
local authentication scheme is adopted.

Configuring Basic 802.1x Functions

Follow these steps to configure basic 802.1x functions:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enable 802.1x globally

dot1x

Required
By default, 802.1x is disabled globally.

In system
view

dot1x

[ interface interface-list ]

interface

interface-type

interface-number

dot1x

Enable
802.1x
for
specified
ports

In port view

quit

Required
By default, 802.1x is disabled on all ports.

Set port authorization
mode for specified ports

dot1x port-control
{ authorized-force |
unauthorized-force

| auto }

[ interface interface-list ]

Optional
By default, an 802.1x-enabled port
operates in the auto mode.

Set the access control
method for specified ports

dot1x

port-method { macbased |

portbased

} [ interface

interface-list

]

Optional
The default access control method on a
port is MAC-based (that is, the macbased
keyword is used by default).

Set authentication
method for 802.1x users

dot1x authentication-method

{ chap | pap | eap }

Optional
By default, the device performs CHAP
authentication in EAP terminating mode.

Enable online user
handshaking

dot1x handshake enable

Optional
By default, online user handshaking is
enabled.

Enter Ethernet port view

interface interface-type
interface-number

—

Enable the handshaking
packet secure function

dot1x handshake secure

Optional
By default, the handshaking secure
function is disabled.