Configuring 802.1X Authentication; Establishing The Configuration Task - Huawei Quidway S2700 Series Configuration Manual

Quidway S2700 Series Ethernet Switches
Configuration Guide - Security
2 NAC Configuration

• The S2700 automatically specifies the VLAN for users after they pass 802.1x
  authentication, MAC address authentication, or MAC address bypass authentication.
  When a user passes 802.1x authentication, MAC address authentication, or MAC address
  bypass authentication, the system delivers a VLAN to the user according to the VLAN
  information carried in the response packets of the authentication server, in either of
  the following modes:
  – If the VLAN ID carried in response packets of the authentication server is an integer
    ranging from 1 to 4094, the system delivers the VLAN according to the VLAN ID.
  – If the VLAN ID carried in response packets of the authentication server is not an
    integer ranging from 1 to 4094, the system delivers the VLAN according to the VLAN
    description.
• After users pass 802.1x authentication, MAC address authentication, or MAC address
  bypass authentication, the S2700 automatically delivers ACLs to users to allow user
  packets to pass through by default.
• Authorization ACL dynamically delivered by RADIUS server
  If a RADIUS server is configured to deliver an authorization ACL and a RADIUS scheme is
  configured on the related interface of the S2700, the S2700 controls user access
  permission according to the authorization ACL delivered by the RADIUS server. The
  network administrator can modify the access permission of a user by changing the
  authorization ACL configuration on the RADIUS server or the ACL rules on the S2700.

2.3 Configuring 802.1x Authentication

This section describes how to configure the 802.1x authentication function.

2.3.1 Establishing the Configuration Task

Applicable Environment
You can configure 802.1x to implement port-based network access control, that is, to
authenticate and control access devices on an interface of a LAN access control device.

Pre-configuration Tasks
802.1x authentication is only an implementation scheme to authenticate the user identity. To
complete the user identity authentication, you need to select the RADIUS or local authentication
method. Before configuring 802.1x authentication, complete the following tasks:
• Configuring the ISP authentication domain and AAA schemes, that is, RADIUS or local
  authentication schemes, for the 802.1x user
• Configuring the user name and password on the RADIUS server if RADIUS authentication
  is used
• Adding the user name and password manually on the S2700 if local authentication is used

Data Preparation
To configure 802.1x, you need the following data.

Issue 01 (2011-07-15)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
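The VLAN delivery rule described on this page (an integer from 1 to 4094 is used as a VLAN ID, any other value is matched against the VLAN description) can be checked offline against a server policy. The following is an added example, not code from the manual or from Huawei; the function names, the exact-match comparison of descriptions, and the sample VLAN table and policy are assumptions constructed for illustration. The page does not say what the switch does when nothing matches, so the audit only reports that case.

```python
"""Added example: audit RADIUS VLAN values against the S2700 selection rule."""

def classify(value):
    """Apply the page's rule: an integer from 1 to 4094 selects by VLAN ID,
    any other value is matched against the VLAN description."""
    text = value.strip()
    if text.isascii() and text.isdigit() and 1 <= int(text) <= 4094:
        return ("id", int(text))
    return ("description", text)

def resolve(value, vlans):
    """Return the VLAN ID the value maps to, or None if nothing matches.
    vlans maps configured VLAN ID -> description (constructed model;
    exact string match on the description is an assumption)."""
    mode, key = classify(value)
    if mode == "id":
        return key if key in vlans else None
    matches = [vid for vid, desc in vlans.items() if desc == key]
    return matches[0] if len(matches) == 1 else None

def audit(policy, vlans):
    """List findings for every server-side VLAN value that will not land
    the user in the VLAN the administrator probably intended."""
    findings = []
    # Descriptions that look like valid IDs can never be selected by name.
    shadowed = {d: v for v, d in vlans.items() if classify(d)[0] == "id"}
    for user, value in policy.items():
        got = resolve(value, vlans)
        if got is None:
            findings.append((user, value, "no configured VLAN matches"))
        elif value.strip() in shadowed and shadowed[value.strip()] != got:
            findings.append((user, value, f"read as VLAN ID {got}, not "
                             f"description of VLAN {shadowed[value.strip()]}"))
    return findings

# Constructed sample data, not taken from the manual.
VLANS = {10: "staff", 20: "guest", 30: "200", 200: "quarantine"}
POLICY = {"alice": "10", "bob": "guest", "carol": "200",
          "dave": "4095", "erin": "contractors"}

if __name__ == "__main__":
    for finding in audit(POLICY, VLANS):
        print(finding)
```

In the sample data the value "200" is taken as VLAN ID 200 even though VLAN 30 carries the description "200", and "4095" falls outside the ID range and is therefore treated as a description that matches nothing.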
