1742
C
92: 802.1
HAPTER
X
C
ONFIGURATION
To do...
Enter Ethernet interface view
Set the port access control
mode for the port
Set the port access control
method for the port
Set the maximum number of
users for the port
Enable online user handshake dot1x handshake
Enable detection and control
of users logging in through
proxies for the port
Enable multicast trigger
Note that:
The 802.1x proxy detection function depends on the online user handshake
■
function. Be sure to enable handshake before enabling proxy detection and to
disable proxy detection before disabling handshake.
You can neither add an 802.1x-enabled port into an aggregation group nor
■
enable 802.1x on a port being a member of an aggregation group.
Once enabled with the 802.1x multicast trigger function, a port sends
■
multicast trigger messages to the client periodically to initiate authentication.
However, this does not happen in a wireless LAN where a client initiates
authentication unsolicitedly or the wireless module finds a user and triggers
authentication. You are recommended to disable the multicast trigger function
in wireless LAN because the multicast trigger messages consume bandwidth.
For a user-side device sending untagged traffic, the voice VLAN function and
■
8021.x are mutually exclusive and cannot be configured together on the same
port. For details about voice VLAN, refer to
page
497.
In EAP relay authentication mode, the authenticator encapsulates the 802.1x
■
user information in the EAP attributes of RADIUS packets and sends the
packets to the RADIUS server for authentication. In this case, you can configure
the user-name-format command but it does not take effect. For information
about the user-name-format command, refer to
Configuration" on page
If the username of a supplicant contains the version number or one or more
■
blank spaces, you can neither retrieve information nor disconnect the
supplicant by using the username. However, you can use items such as IP
address and connection index number to do so.
Use the command...
interface interface-type
interface-number
dot1x port-control
{ authorized-force | auto |
unauthorized-force }
dot1x port-method
{ macbased | portbased }
dot1x max-user
user-number
dot1x supp-proxy-check
{ logoff | trap }
dot1x multicast-trigger
"Voice VLAN Configuration" on
1751.
Remarks
-
Optional
auto by default
Optional
macbased by default
Optional
The default varies by device.
Optional
Enabled by default
Optional
Disabled by default
Optional
Enabled by default
"AAA/RADIUS/HWTACACS