Configuring 802.1X Global Settings - Huawei Quidway S1700 Series Web User Manual

Quidway S1700 Series Ethernet Switches
Web User Manual
server, which means that authorized users can use the same credentials for authentication from
any point within the network.
This switch uses the Extensible Authentication Protocol over LANs (EAPOL) to exchange
authentication protocol messages with the client, and a remote RADIUS authentication server
to verify user identity and access rights. When a client (i.e., Supplicant) connects to a switch
port, the switch (i.e., Authenticator) responds with an EAPOL identity request. The client
provides its identity (such as a user name) in an EAPOL response to the switch, which
forwards it to the RADIUS server. The RADIUS server verifies the client identity and sends an
access challenge back to the client. The EAP packet from the RADIUS server contains not
only the challenge, but also the authentication method to be used. The client can reject the
authentication method and request another, depending on the configuration of the client
software and the RADIUS server. The EAP method used to pass authentication
messages can be MD5 (Message-Digest 5), TLS (Transport Layer Security), PEAP (Protected
Extensible Authentication Protocol), or TTLS (Tunneled Transport Layer Security). The client
responds to the appropriate method with its credentials, such as a password or certificate. The
RADIUS server verifies the client credentials and responds with an accept or reject packet. If
authentication is successful, the switch allows the client to access the network. Otherwise,
non-EAP traffic on the port is blocked or assigned to a guest VLAN based on the
"intrusion-action" setting. In "multi-host" mode, only one host connected to a port needs to
pass authentication for all other hosts to be granted network access. Similarly, a port can
become unauthorized for all hosts if one attached host fails re-authentication or sends an
EAPOL logoff message.
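
The exchange described above, as an added example that is not part of the Huawei manual: a decoder for EAPOL frame bodies that follows a session through identity, method negotiation (including a client Nak) and Success, so the EAP method a port actually negotiated can be checked against policy. Packet layout and type numbers follow RFC 3748 and IEEE 802.1X; the function names and the sample session are constructed for illustration.

```python
import struct

EAPOL_TYPES = {0: "EAP-Packet", 1: "EAPOL-Start", 2: "EAPOL-Logoff"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
EAP_METHODS = {1: "Identity", 3: "Nak", 4: "MD5-Challenge",
               13: "TLS", 21: "TTLS", 25: "PEAP"}

def eapol(code=None, ident=0, method=None, data=b"", pkt_type=0):
    """Build an EAPOL frame body (the bytes after EtherType 0x888E)."""
    body = bytes([method]) + data if method is not None else b""
    eap = struct.pack("!BBH", code, ident, 4 + len(body)) + body if code else b""
    return struct.pack("!BBH", 2, pkt_type, len(eap)) + eap

def decode(frame):
    """Decode one EAPOL frame body; raise ValueError if it is malformed."""
    if len(frame) < 4:
        raise ValueError("short EAPOL header")
    _version, pkt_type, blen = struct.unpack("!BBH", frame[:4])
    body = frame[4:4 + blen]
    out = {"eapol": EAPOL_TYPES.get(pkt_type, pkt_type)}
    if pkt_type != 0:                   # Start/Logoff carry no EAP packet
        return out
    if len(body) != blen or blen < 4:
        raise ValueError("truncated EAP packet")
    code, ident, elen = struct.unpack("!BBH", body[:4])
    if not 4 <= elen <= blen:
        raise ValueError("bad EAP length field")
    out.update(code=EAP_CODES.get(code, code), id=ident)
    if code in (1, 2) and elen > 4:     # only Request/Response carry a Type
        out["type"] = EAP_METHODS.get(body[4], body[4])
        if body[4] == 1:
            out["identity"] = body[5:elen].decode(errors="replace")
        elif body[4] == 3:              # Nak lists the methods the client wants
            out["wants"] = [EAP_METHODS.get(b, b) for b in body[5:elen]]
    return out

def negotiated_method(frames):
    """Method the client last answered with before Success, else None."""
    method = None
    for pkt in map(decode, frames):
        if pkt.get("code") == "Response" and pkt.get("type") not in ("Identity", "Nak", None):
            method = pkt["type"]
        elif pkt.get("code") == "Success":
            return method
    return None

# Constructed session (TLS payloads omitted): server offers MD5, client Naks for PEAP.
SESSION = [eapol(1, 1, 1), eapol(2, 1, 1, b"alice"),
           eapol(1, 2, 4, bytes([16]) + bytes(16)), eapol(2, 2, 3, bytes([25])),
           eapol(1, 3, 25, b"\x20"), eapol(2, 3, 25, b"\x00"), eapol(3, 3)]
```

Calling `negotiated_method(SESSION)` on the constructed frames returns `"PEAP"`; a session that ends in Failure, or never reaches Success, returns `None`.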

9.6.1 Configuring 802.1x Global Settings

Use the Security > Port Authentication (Configure Global) page to configure IEEE 802.1X
port authentication. The 802.1X protocol must be enabled globally for the switch system
before port settings are active.
To configure global settings for 802.1X:
1. Click Security, Port Authentication.
2. Select Configure Global from the Step list.
3. Enable 802.1X globally for the switch.
4. Click Apply.
Figure 9-10 Configuring Global Settings for 802.1x Port Authentication
Issue 01 (2011-11-17)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd
9 Security Measures