802.1X Basic Configuration; Configuration Prerequisites; Configuring 802.1X Globally - H3C S5120-SI Series Configuration Manual

Enabling the Quiet Timer
Enabling the Re-Authentication Function
Configuring a Guest VLAN
Configuring an Auth-Fail VLAN

802.1X Basic Configuration

Configuration Prerequisites

802.1X provides a method for implementing user identity authentication. However, 802.1X cannot
implement the authentication scheme solely by itself. RADIUS or local authentication must be
configured to work with 802.1X.
Configure the ISP domain to which the 802.1X user belongs and the AAA scheme to be used (that
is, local authentication or RADIUS).
For remote RADIUS authentication, the username and password information must be configured
on the RADIUS server.
For local authentication, the username and password information must be configured on the device
and the service type must be set to lan-access.
For detailed configuration of the RADIUS client, refer to AAA Configuration.

Configuring 802.1X Globally

Follow these steps to configure 802.1X globally:
To do...
Enter system view
Enable 802.1X globally
Specify the authentication
method
Specify the port authorization
mode for specified or all ports
Specify the port access control
method for specified or all ports
Set the maximum number of
users for specified or all ports
Task
Use the command...
system-view
dot1x
dot1x authentication-method
{ chap | eap | pap }
dot1x port-control
{ authorized-force | auto |
unauthorized-force }
[ interface interface-list ]
dot1x port-method
{ macbased | portbased }
[ interface interface-list ]
dot1x max-user user-number
[ interface interface-list ]
1-13
Remarks
Optional
Optional
Optional
Optional
Remarks
—
Required
Disabled by default
Optional
CHAP by default
Optional
auto by default
Optional
macbased by default
Optional
256 by default