X Configuration - Huawei Quidway S3900 Series Operation Manual

Operation Manual – 802.1x
Quidway S3900 Series Ethernet Switches-Release 1510
Note:
The client-version-checking function needs the support of Huawei's 802.1x client
program.
III. The Guest VLAN function
The Guest VLAN function enables supplicant systems that do not pass the
authentication to access a LAN in a restrained way.
With the Guest VLAN function enabled, supplicant systems that do not have 802.1x
client installed can access specific network resources. They can also upgrade their
802.1x clients without being authenticated.
With this function enabled:
The switch multicasts trigger packets to all 802.1x-enabled ports.
After the maximum number retries have been made and there are still ports that
have not sent any response back, the switch will then add these ports into the
Guest VLAN.
Users belonging to the Guest VLAN can access the resources of the Guest VLAN
without being authenticated. But they need to be authenticated before accessing
external resources.
Normally, the Guest VLAN function is coupled with the dynamic VLAN delivery function.
Refer to AAA&RADIUS&RADIUS&HWTACACS&EAD Operation Manual for detailed
information about dynamic VLAN assignment function.

1.2 802.1x Configuration

802.1x provides a solution for authenticating users. To implement this solution, you
need to execute 802.1x-related commands. You also need to configure AAA schemes
on switches and to specify the authentication scheme (RADIUS authentication scheme
or local authentication scheme).
802.1x 802.1x
configurati on configurati on
Figure 1-10 802.1x configuration
802.1x users use domain names to associate with the ISP domains configured on
switches
Configure the AAA scheme (a local authentication scheme or the RADIUS
scheme) to be adopted in the ISP domain.
ISP domain ISP domain
AAA sc heme AAA sc heme
configurati on configurati on
Huawei Technologies Proprietary
1-12
Chapter 1 802.1x Configuration
Local Local
authenticati on authenticati on
RADIUS RADIUS
scheme scheme