To do...
Enter system view
Configure EAP relay or EAP
termination
NOTE:
If EAP relay mode is used, the user-name-format command configured in RADIUS scheme view does not
take effect. The access device sends the authentication data from the client to the server without any
modification. For more information about the user-name-format command, see
Reference
.
Setting the port authorization state
The port authorization state determines whether the client is granted access to the network. You can
control the authorization state of a port by using the dot1x port-control command and the following
keywords:
authorized-force—Places the port in the authorized state, enabling users on the port to access the
•
network without authentication.
unauthorized-force—Places the port in the unauthorized state, denying any access requests from
•
users on the port.
auto—Places the port initially in the unauthorized state to allow only EAPOL packets to pass, and
•
after a user passes authentication, sets the port in the authorized state to allow access to the network.
You can use this option in most scenarios.
You can set authorization state for one port in Ethernet interface view, or for multiple ports in system view.
If different authorization state is set for a port in system view and Etherent interface view, the one set later
takes effect.
Follow these steps to set the authorization state of a port:
To do...
Enter system view
Set the port
authorization
state
Use the command...
system-view
dot1x authentication-method
{ chap | eap | pap }
Use the command...
system-view
dot1x port-control { authorized-force |
In system view
auto | unauthorized-force } [ interface
interface-list ]
interface interface-type interface-number
In Ethernet
dot1x port-control { authorized-force |
interface view
auto | unauthorized-force }
90
Remarks
—
Optional
By default, the network access
device performs EAP termination
and uses CHAP to communicate
with the RADIUS server.
Specify the eap keyword to enable
EAP termination.
Specify the chap or pap keyword
to enable CHAP-enabled or
PAP-enabled EAP relay.
Security Command
Remarks
—
Optional
Use either approach.
By default, auto applies.