89
Task Remarks
Specifying a mandatory authentication domain on a port Optional
Configuring the quiet timer Optional
Enabling the periodic online user re-authentication function Optional
Configuring an 802.1X guest VLAN Optional
Configuring an Auth-Fail VLAN Optional
Specifying supported domain name delimiters Optional
Enabling 802.1X
Configuration guidelines
• If the default VLAN of a port is a voice VLAN, the 802.1X function cannot take effect on the port. For
more information about voice VLANs, see Layer 2
—
LAN Switching Configuration Guide.
• 802.1X is mutually exclusive with link aggregation and service loopback group configuration on a
port.
• Do not use the BPDU drop feature on an 802.1X-enabled port. The BPDU drop feature discards
802.1X packets arrived on the port.
Configuration procedure
Follow these steps to enable 802.1X on a port:
To do… Use the command… Remarks
Enter system view system-view —
Enable 802.1X globally dot1x
Required
Disabled by default.
Enable 802.1X
on a port
In system view dot1x interface interface-list
Required
Use either approach.
Disabled by default.
In Ethernet
interface view
interface interface-type
interface-number
dot1x
Enabling EAP relay or EAP termination
When you configure EAP relay or EAP termination, consider the following factors:
• The support of the RADIUS server for EAP packets
• The authentication methods supported by the 802.1X client and the RADIUS server
If the client is using only MD5-Challenge EAP authentication or the "username + password" EAP
authentication initiated by an iNode 802.1X client, you can use both EAP termination and EAP relay. To
use EAP-TL, PEAP, or any other EAP authentication methods, you must use EAP relay. When you make
your decision, see "A comparison of EAP relay and EAP termination" for help.
For more information about EAP relay and EAP termination, see "802.1X authentication procedures."
Follow these steps to configure EAP relay or EAP termination:
To Next Page
Loading...
Need help?
General