• If port-based access control is used, the port sends a multicast Identity EAP/Request to the 802.1X users to trigger authentication.
ACL assignment
You can specify an ACL for an 802.1X user to control its access to network resources. After the user
passes 802.1X authentication, the authentication server, either the local access device or a RADIUS
server, assigns the ACL to the port to filter the traffic from this user. In either case, you must configure the
ACL on the access device. You can change ACL rules while the user is online.
Configuration prerequisites
• Configure an ISP domain and AAA scheme (local or RADIUS authentication) for 802.1X users.
• If RADIUS authentication is used, create user accounts on the RADIUS server.
• If local authentication is used, create local user accounts on the access device and set the service type to lan-access.
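The following added example (not taken from this guide) combines ACL assignment with the local-authentication prerequisites above: the ACL is defined on the access device, attached to a local lan-access user, and 802.1X is enabled on one port. It assumes a Comware 5-style command line, which the page itself does not name; ACL 3000, the domain name dot1xlocal, the user name alice, the denied address 10.0.0.1 and the port GigabitEthernet 1/0/1 are all constructed placeholders.

```text
# Constructed example. All names, numbers and addresses are placeholders.
system-view

# The ACL must exist on the access device, whichever server assigns it.
# Here it blocks the authenticated user from one host (10.0.0.1).
acl number 3000
 rule 0 deny ip destination 10.0.0.1 0
 quit

# Local user account for 802.1X: service type lan-access,
# with ACL 3000 as the authorization attribute assigned after login.
local-user alice
 password simple <placeholder-password>
 service-type lan-access
 authorization-attribute acl 3000
 quit

# ISP domain with a local AAA scheme for LAN access users.
domain dot1xlocal
 authentication lan-access local
 authorization lan-access local
 quit

# Enable 802.1X globally, then on the port, and bind the port
# to the domain so users on it are authenticated against dot1xlocal.
dot1x
interface GigabitEthernet 1/0/1
 dot1x
 dot1x mandatory-domain dot1xlocal
 quit
```

Because the ACL lives on the access device, its rules can be edited while the user is online and the filter on the port follows the new rules.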
802.1X configuration task list
| Task | Remarks |
|---|---|
| Enabling 802.1X | Required |
| Enabling EAP relay or EAP termination | Optional |
| Setting the port authorization state | Optional |
| Specifying an access control method | Optional |
| Setting the maximum number of concurrent 802.1X users on a port | Optional |
| Setting the maximum number of authentication request attempts | Optional |
| Setting the 802.1X authentication timeout timers | Optional |
| Configuring the online user handshake function | Optional |
| Configuring the authentication trigger function | Optional |
| Specifying a mandatory authentication domain on a port | Optional |
| Configuring the quiet timer | Optional |
| Enabling the periodic online user re-authentication function | Optional |
| Configuring an 802.1X guest VLAN | Optional |
| Configuring an 802.1X Auth-Fail VLAN | Optional |
| Configuring an 802.1X critical VLAN | Optional |
| Specifying supported domain name delimiters | Optional |