Configuration prerequisites
Before you configure 802.1X, complete the following tasks:
•
Configure an ISP domain and AAA scheme (local or RADIUS authentication) for 802.1X users.
If RADIUS authentication is used, create user accounts on the RADIUS server.
•
If local authentication is used, create local user accounts on the access device and set the service
•
type to lan-access.
For more information about RADIUS client configuration, see
802.1X configuration task list
Tasks at a glance
(Required.)
(Required.)
(Optional.)
(Optional.)
(Optional.)
(Optional.)
(Optional.)
(Optional.)
(Optional.)
(Optional.)
(Optional.)
(Optional.)
(Optional.)
(Optional.)
(Optional.)
(Optional.)
(Optional.)
Enabling 802.1X
When you enable 802.1X, follow these guidelines:
If the PVID is a voice VLAN, the 802.1X feature cannot take effect on the port. For more information
•
about voice VLANs, see Layer 2—LAN Switching Configuration Guide.
Do not enable 802.1X on a port that is in a link aggregation.
•
To enable 802.1X:
Enabling 802.1X
Enabling EAP relay or EAP termination
Setting the port authorization state
Specifying an access control method
Setting the maximum number of concurrent 802.1X users on a port
Setting the maximum number of authentication request attempts
Setting the 802.1X authentication timeout timers
Configuring the online user handshake feature
Configuring the authentication trigger feature
Specifying a mandatory authentication domain on a port
Configuring the quiet timer
Enabling the periodic online user reauthentication feature
Configuring an 802.1X guest VLAN
Configuring an 802.1X Auth-Fail VLAN
Configuring an 802.1X critical VLAN
Specifying supported domain name delimiters
Configuring the EAD assistant feature
"Configuring
79
AAA."