Introduction to 802.1x configuration – H3C Technologies H3C WX3000 Series Unified Switches User Manual

Page 229

Advertising
background image

23-12

802.1x re-authentication will fail if a CAMS server is used and configured to perform authentication but
not accounting. This is because a CAMS server establishes a user session after it begins to perform
accounting. Therefore, to enable 802.1x re-authentication, do not configure the accounting none
command in the domain. This restriction does not apply to other types of servers.

Introduction to 802.1x Configuration

802.1x provides a solution for authenticating users. To implement this solution, you need to execute
802.1x-related commands. You also need to configure AAA schemes on the device and specify the
authentication scheme (RADIUS, HWTACACS or local authentication scheme).

Figure 23-11

802.1x configuration

z

An 802.1x user uses the domain name to associate with the ISP domain configured on the device.

z

Configure the AAA scheme (a local authentication scheme, a RADIUS scheme or a HWTACACS
scheme) to be adopted in the ISP domain.

z

If you specify to use a local authentication scheme, you need to configure the user names and
passwords manually on the device. Users can pass the authentication through 802.1x client if they
provide user names and passwords that match those configured on the device.

z

If you specify to adopt the RADIUS scheme, users are authenticated by a remote RADIUS server.
In this case, you need to configure user names and passwords on the RADIUS server and perform
RADIUS client-related configuration on the device.

z

If you specify to adopt the HWTACACS scheme, users are authenticated by a remote TACACS
server. In this case, you need to configure user names and passwords on the TACACS server and
perform HWTACACS client-related configuration on the device.

z

You can also specify to adopt the RADIUS or HWTACACS authentication scheme, with a local
authentication scheme as a backup. In this case, the local authentication scheme is adopted when
the RADIUS server or the TACACS server fails.

Refer to AAA in H3C WX3000 Series Unified Switches Switching Engine Configuration Guide for
detailed information about AAA scheme configuration.

Advertising
Popular Brands
Popular manuals