802.1X Overview - H3C S5120-EI Series Operation Manual

Different ports can be configured with different Auth-Fail VLANs, but each port can be configured with
only one Auth-Fail VLAN.
The Auth-Fail VLAN function and the free IP function in EAD fast deployment are mutually
exclusive on a port.
If you configure both an MAFV for 802.1X authentication and an MGV for MAC authentication on a
port, a newly generated MAFV entry for a user overwrites the user's MGV entry, if any, whereas a
newly generated MGV entry for a user does not overwrite the user's MAFV entry, if any.
The MAFV entry generated for a MAC address overwrites the existing blocked-MAC entry of that
MAC address on the port. However, if the port is disabled by the intrusion protection function, the
MAFV cannot take effect. For a description of how the intrusion protection function disables a port,
refer to Port Security Configuration in the Security Volume.
If the traffic from a user-side device carries VLAN tags and the 802.1X authentication and guest
VLAN functions are configured on the access port, configure different VLAN IDs for the voice
VLAN, the default VLAN of the port, and the 802.1X guest VLAN. This ensures that the functions
work normally.
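The restrictions in the notes above, encoded as a small audit. This is an added example, not taken from the H3C manual: the `Port` field names, the finding labels, the `next_entry` helper and the sample ports are hypothetical or constructed. The one case the notes leave open (an MGV entry meeting a blocked-MAC entry) is rejected rather than guessed.

```python
from __future__ import annotations
from dataclasses import dataclass

@dataclass
class Port:  # hypothetical field names; populate from your own config export
    name: str
    pvid: int                          # default VLAN of the port
    auth_fail_vlan: int | None = None
    guest_vlan: int | None = None
    voice_vlan: int | None = None
    free_ip: bool = False              # EAD fast deployment free IP in use
    tagged_user_traffic: bool = False  # user-side device sends VLAN tags

def audit(port: Port) -> list[str]:
    """Return the restrictions from the notes that this port violates."""
    findings = []
    # Auth-Fail VLAN and EAD free IP are mutually exclusive on a port.
    if port.auth_fail_vlan is not None and port.free_ip:
        findings.append("auth-fail-vlan-with-free-ip")
    # With tagged user traffic and a guest VLAN, the voice VLAN, default
    # VLAN and guest VLAN should all use different IDs.
    if port.tagged_user_traffic and port.guest_vlan is not None:
        ids = [v for v in (port.voice_vlan, port.pvid, port.guest_vlan) if v is not None]
        if len(ids) != len(set(ids)):
            findings.append("shared-vlan-id")
    return findings

def next_entry(current: str | None, new: str, port_disabled: bool = False) -> str | None:
    """Entry kept for a user's MAC after `new` ("MAFV" or "MGV") is generated.
    `current` is None, "MAFV", "MGV" or "BLOCKED"."""
    if new == "MAFV":
        # MAFV replaces MGV and blocked-MAC entries, but cannot take effect
        # once intrusion protection has disabled the port.
        return current if port_disabled else "MAFV"
    if new == "MGV" and current == "MAFV":
        return "MAFV"                  # MGV never overwrites MAFV
    if new == "MGV" and current in (None, "MGV"):
        return "MGV"
    raise ValueError(f"not covered by the notes: {new} over {current}")

# Constructed sample ports (not from any real device).
PORTS = [
    Port("GigabitEthernet1/0/1", pvid=1, auth_fail_vlan=30, free_ip=True),
    Port("GigabitEthernet1/0/2", pvid=10, guest_vlan=10, voice_vlan=20, tagged_user_traffic=True),
    Port("GigabitEthernet1/0/3", pvid=1, guest_vlan=40, voice_vlan=20, tagged_user_traffic=True),
]

if __name__ == "__main__":
    for p in PORTS:
        print(p.name, audit(p) or "ok")
```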
Displaying and Maintaining 802.1X
802.1X Configuration Example
Guest VLAN and VLAN Assignment Configuration Example
ACL Assignment Configuration Example

802.1X Overview

The 802.1X protocol was proposed by the IEEE 802 LAN/WAN committee for the security of wireless
LANs (WLANs). It has been widely used on Ethernet as a common port access control mechanism.
As a port-based access control protocol, 802.1X authenticates and controls accessing devices at the
port level. A device connected to an 802.1X-enabled port of an access control device can access the
resources on the LAN only after passing authentication.
The port security feature provides rich security modes that combine or extend 802.1X and MAC
address authentication. In a networking environment that requires flexible use of 802.1X and MAC
address authentication, configuring the port security feature is recommended. In a network
environment that requires only 802.1X authentication, configuring 802.1X directly, rather than the
port security feature, is recommended for simplicity's sake. For how to use the port
security feature, refer to Port Security Configuration in the Security Volume.
To get more information about 802.1X, go to these topics:
Architecture of 802.1X
Basic Concepts of 802.1X