H3C Technologies H3C S12500-X Series Switches User Manual
802.1X overview ... 61
802.1X architecture ... 61
Controlled/uncontrolled port and port authorization status ... 61
802.1X-related protocols ... 62
  Packet formats ... 63
  EAP over RADIUS ... 64
Initiating 802.1X authentication ... 64
  802.1X client as the initiator ... 64
  Access device as the initiator ... 65
802.1X authentication procedures ... 65
  Comparing EAP relay and EAP termination ... 66
  EAP relay ... 66
  EAP termination ... 68
Configuring 802.1X ... 70
H3C implementation of 802.1X ... 70
Configuration prerequisites ... 70
802.1X configuration task list ... 70
Enabling 802.1X ... 71
Enabling EAP relay or EAP termination ... 71
Setting the port authorization state ... 72
Specifying an access control method ... 72
Setting the maximum number of concurrent 802.1X users on a port ... 72
Setting the maximum number of authentication request attempts ... 73
Setting the 802.1X authentication timeout timers ... 73
Configuring the online user handshake function ... 74
Configuring the authentication trigger function ... 74
  Configuration guidelines ... 75
  Configuration procedure ... 75
Specifying a mandatory authentication domain on a port ... 75
Configuring the quiet timer ... 76
Enabling the periodic online user re-authentication function ... 76
Displaying and maintaining 802.1X ... 76
802.1X authentication configuration example ... 77
  Network requirements ... 77
  Configuration procedure ... 77
  Verifying the configuration ... 79
Configuring MAC authentication ... 80
Overview ... 80
  User account policies ... 80
  Authentication methods ... 80
Configuration prerequisites ... 81
Configuration task list ... 81
Enabling MAC authentication ... 81
Specifying a MAC authentication domain ... 82
Configuring the user account format ... 82
Configuring MAC authentication timers ... 83
Setting the maximum number of concurrent MAC authentication users on a port ... 83
Configuring MAC authentication delay ... 84
Displaying and maintaining MAC authentication ... 84
MAC authentication configuration examples ... 85
  Local MAC authentication configuration example ... 85
  RADIUS-based MAC authentication configuration example ... 86