Configuring 802.1X - 3Com Switch 4800G 24-Port Configuration Manual

726 C 50: 802.1
HAPTER

Configuring 802.1x

Configuration
Prerequisites
Configuring 802.1x
Globally
C
X ONFIGURATION
device. You can change the access rights of users by modifying authorization ACL
settings on the RADIUS server or changing the corresponding ACL rules on the
device.
802.1x provides a user identity authentication scheme. However, 802.1x cannot
implement the authentication scheme solely by itself. RADIUS or local
authentication must be configured to work with 802.1x.
Configure the ISP domain to which the 802.1x user belongs and the AAA
■
scheme to be used (that is, local authentication or RADIUS).
For remote RADIUS authentication, the username and password information
■
must be configured on the RADIUS server.
For local authentication, the username and password information must be
■
configured on the authenticator and the service type must be set to
lan-access.
For detailed configuration of the RADIUS client, refer to "Configuring RADIUS" on
page 765.
Follow these steps to configure 802.1x globally:
To do...
Enter system view
Enable 802.1x globally
Set the authentication method dot1x
Set the port Set the port
access control access control
parameters mode for
specified or all
ports
Set the port
access control
method for
specified or all
ports
Set the
maximum
number of
users for
specified or all
ports
Set the maximum number of
attempts to send an
authentication request to a
supplicant
Use the command...
system-view
dot1x
authentication-method
{ chap | eap | pap }
dot1x port-control
{ authorized-force | auto |
unauthorized-force }
[ interface interface-list ]
dot1x port-method
{ macbased | portbased }
[ interface interface-list ]
dot1x max-user
user-number [ interface
interface-list ]
dot1x retry max-retry-value
Remarks
-
Required
Disabled by default
Optional
CHAP by default
Optional
auto by default
Optional
macbased by default
Optional
By default, the maximum
number of concurrent users
accessing a port is 256.
Optional
2 by default