3Com 7757 Configuration Manual page 400

400 C 39: 802.1
HAPTER X
c
C
ONFIGURATION
Table 318 Configure basic 802.1x functions
Operation
Enable 802.1x for
specified ports
Set port access
control mode for
specified ports
Set port access
method for specified
ports
Set authentication
method for 802.1x
users
Enable 802.1x
re-authentication
CAUTION:
802.1x-related configurations can all be performed in system view. Port access
■
control mode and port access method can also be configured in port view.
If you perform a configuration in system view and do not specify the
■
interface-list argument, the configuration applies to all ports. Configurations
performed in Ethernet port view apply to the current Ethernet port only and
the interface-list argument is not needed in this case.
802.1x configurations take effect only after you enable 802.1x both globally
■
and for specified ports.
Changing the access control method on a port by the dot1x port-method
■
command will forcibly log out the online 802.1x users on the port.
You can set 802.1x re-authentication timer on the switch either by using the
■
dot1x reauth-period command or through the RADIUS server. Upon
receiving an Access-Accept packet, with Termination-Action attribute value set
to 1, from the server, the switch performs authentication at an interval of the
session-timeout value of the Access-Accept packet. In actual authentication,
the switch uses the latest time value obtained as the authentication interval.
After re-authentication is enabled on a port, you cannot change the dynamic
■
VLAN delivery attribute value for the port; if you do so, the re-authentication
will cause users to be offline.
Command
Use the following command in
system view:
dot1x [ interface interface-list ]
Use the following command in
port view:
dot1x
dot1x
port-control { authorized-force
| unauthorized-force | auto }
[ interface interface-list ]
dot1x
port-method { macbased |
portbased } [ interface
interface-list ]
dot1x
authentication-method { chap
| pap | eap }
In system view:
dot1x re-authenticate
[ interface interface-list ]
In port view:
dot1x re-authenticate
Description
Required
By default, 802.1x is disabled for
all ports.
Optional
By default, an 802.1x-enabled port
operates in an auto mode.
Optional
The default port access method is
MAC-address-based (that is, the
macbased keyword is used by
default).
Optional
By default, a switch performs
CHAP authentication in EAP
terminating mode.
Optional
By default, 802.1x
re-authentication is disabled on all
ports.