Enabling 802.1X - HP 6600 Security Configuration Manual

Task
Setting the port authorization state
Specifying an access control method
Setting the maximum number of concurrent 802.1X users on a port
Setting the maximum number of authentication request attempts
Setting the 802.1X authentication timeout timers
Configuring the online user handshake function
Enabling the proxy detection function
Configuring the authentication trigger function
Specifying a mandatory authentication domain on a port
Configuring the quiet timer
Enabling the periodic online user re-authentication function
Configuring an 802.1X guest VLAN
Configuring an Auth-Fail VLAN
Configuring an 802.1X critical VLAN
Specifying supported domain name delimiters

Enabling 802.1X

Follow these guidelines when you enable 802.1X:
• If the PVID of a port is a voice VLAN, the 802.1X function cannot take effect on the port. For more
information about voice VLANs, see Layer 2—LAN Switching Configuration Guide.
802.1X is mutually exclusive with link aggregation and service loopback group configuration on a
•
port.
• On an 802.1X and MAC authentication enabled port, the EAP packet from an unknown MAC
address immediately triggers 802.1X authentication, and any other type of packet from an
unknown MAC address triggers MAC authentication 30 seconds after its arrival.
To enable 802.1X:
Step
1. Enter system view.
2. Enable 802.1X globally.
3. Enable 802.1X on a port in
system view or Ethernet
interface view.
Command
system-view
dot1x
•
In system view:
dot1x interface interface-list
•
In Ethernet interface view:
a. interface interface-type
interface-number
b. dot1x
88
Remarks
Optional.
Optional.
Optional.
Optional.
Optional.
Optional.
Optional.
Optional.
Optional.
Optional.
Optional.
Optional.
Optional.
Optional.
Optional.
Remarks
N/A
By default, 802.1X is disabled
globally.
By default, 802.1X is disabled
on a port.