Optional) Configuring The Interface Access Mode - Huawei Quidway S2700 Series Configuration Manual

Quidway S2700 Series Ethernet Switches
Configuration Guide - Security
l In Extensible Authentication Protocol (EAP) authentication, the S2700 sends the
PAP authentication and CHAP authentication are two kinds of termination authentication
methods and EAP authentication is a kind of relay authentication method.
Only if RADIUS authentication is adopted, you can use the EAP authentication for 802.1x users.
----End

2.3.6 (Optional) Configuring the Interface Access Mode

Context
The 802.1x protocol can work in the following modes:
l
l
You can configure the access mode of an interface in the following ways.
Procedure
l
l
Issue 01 (2011-07-15)
compared with PAP authentication, CHAP authentication is more secure and reliable and
protects user privacy better.
authentication information of an 802.1x user to the RADIUS server through EAP packets
without converting EAP packets into RADIUS packets. To use the PEAP, EAP-TLS, EAP-
TTLS, or EAP-MD5 authentication, you only need to enable the EAP authentication.
CAUTION
Interface mode: If the MAC address of a device connected to an interface passes
authentication, all the MAC addresses of other devices connected to the interface can access
the network without authentication.
MAC mode: The MAC address of each device connected to the interface must pass
authentication to access the network.
In the system view:
1. Run:
system-view
The system view is displayed.
2. Run:
dot1x port-method { mac | port } interface { interface-type interface-
number1 [ to interface-number2 ] } &<1-10>
The access mode of interfaces is configured.
You can configure the access mode of interfaces in batches by specifying the interface
list in the dot1x port-method command in the system view.
In the interface view:
1. Run:
system-view
The system view is displayed.
2. Run:
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2 NAC Configuration
54