Configuration - H3C S7500 Series Operation Manual
Hide thumbs
Also See for S7500 Series:
- Installation manual (79 pages) ,
- Operation manual (47 pages) ,
- Command manual (39 pages)
Table of Contents
Advertisement
Operation Manual – 802.1x
H3C S7500 Series Ethernet Switches
With the Guest VLAN function enabled, supplicant systems that do not have 802.1x
client installed can access specific network resources. They can also upgrade their
802.1x clients without being authenticated.
With this function enabled:
The switch multicasts trigger packets to all 802.1x-enabled ports.
If some port still does not send any response packet after the retry times reaches
the maximum value, the switch will add the port into the Guest VLAN.
Users belonging to the Guest VLAN can access the resources of the Guest VLAN
without being authenticated. But they need to be authenticated before accessing
external resources.
Normally, the Guest VLAN function is coupled with the dynamic VLAN assignment
function.
For detailed information about dynamic VLAN assignment function, Refer to
AAA-RADIUS-HWTACACS-EAD Operation Manual .
1.2 802.1x Configuration
802.1x provides a solution for authenticating users. To implement this solution, you
need to execute 802.1x-related commands. You also need to configure AAA schemes
on switches and to specify the authentication scheme (RADIUS authentication scheme
or local authentication scheme).
802.1x
802.1x
configurati on
configurati on
Figure 1-10 802.1x configuration
802.1x users use domain names to associate with the ISP domains configured on
switches.
An AAA scheme (a local authentication scheme or the RADIUS scheme) is
configured for the ISP domain.
If you specify to use the RADIUS scheme, that is to say the supplicant systems are
authenticated by a remote RADIUS server, you need to configure the related user
names and passwords on the RADIUS server and perform RADIUS client-related
configuration on the switches.
If you specify to adopt a local authentication scheme, you need to configure user
names and passwords manually on the switches. Users can pass the
authentication through the 802.1x client if they provide the user names and
passwords that match with those stored in the switches.
ISP domain
ISP domain
AAA sc heme
AAA sc heme
configurati on
configurati on
1-12
Chapter 1 802.1x Configuration
Local
Local
aut henticati on
aut henticati on
RADIUS
RADIUS
scheme
scheme
Advertisement
Chapters
Table of Contents
Troubleshooting
