79
Configuration prerequisites
Before you configure 802.1X, complete the following tasks:
• Configure an ISP domain and AAA scheme (local or RADIUS authentication) for 802.1X users.
• If RADIUS authentication is used, create user accounts on the RADIUS server.
• If local authentication is used, create local user accounts on the access device and set the service
type to lan-access.
For more information about RADIUS client configuration, see "Configuring AAA."
802.1X configuration task list
Tasks at a
lance
(Required.) Enabling 802.1X
(Required.) Enabling EAP relay or EAP termination
(Optional.) Setting the port authorization state
(Optional.) Specifying an access control method
(Optional.) Setting the maximum number of concurrent 802.1X users on a port
(Optional.) Setting the maximum number of authentication request attempts
(Optional.) Setting the 802.1X authentication timeout timers
(Optional.) Configuring the online user handshake feature
(Optional.) Configuring the authentication trigger feature
(Optional.) Specifying a mandatory authentication domain on a port
(Optional.) Configuring the quiet timer
(Optional.) Enabling the periodic online user reauthentication feature
(Optional.) Configuring an 802.1X guest VLAN
(Optional.) Configuring an 802.1X Auth-Fail VLAN
(Optional.) Configuring an 802.1X critical VLAN
(Optional.) Specifying supported domain name delimiters
(Optional.) Configuring the EAD assistant feature
Enabling 802.1X
When you enable 802.1X, follow these guidelines:
• If the PVID is a voice VLAN, the 802.1X feature cannot take effect on the port. For more information
about voice VLANs, see Layer 2—LAN Switching Configuration Guide.
• Do not enable 802.1X on a port that is in a link aggregation.
To enable 802.1X:
To Next Page
Loading...
Need help?
General