R3303-HP HSR6800 Routers Security Configuration Guide
87
802.1X configuration task list
Task Remarks
Enabling 802.1X Required.
Enabling EAP relay or EAP termination Optional.
Setting the port authorization state Optional.
Specifying an access control method Optional.
Setting the maximum number of concurrent 802.1X users on a port Optional.
Setting the maximum number of authentication request attempts Optional.
Setting the 802.1X authentication timeout timers Optional.
Configuring the online user handshake function Optional.
Enabling the proxy detection function Optional.
Configuring the authentication trigger function Optional.
Specifying a mandatory authentication domain on a port Optional.
Configuring the quiet timer Optional.
Enabling the periodic online user re-authentication function Optional.
Configuring an 802.1X guest VLAN Optional.
Configuring an Auth-Fail VLAN Optional.
Configuring an 802.1X critical VLAN Optional.
Specifying supported domain name delimiters Optional.
Enabling 802.1X
Follow these guidelines when you enable 802.1X:
• If the PVID of a port is a voice VLAN, the 802.1X function cannot take effect on the port. For more
information about voice VLANs, see Layer 2—LAN Switching Configuration Guide.
• 802.1X is mutually exclusive with link aggregation and service loopback group configuration on a
port.
• On an 802.1X and MAC authentication enabled port, the EAP packet from an unknown MAC
address immediately triggers 802.1X authentication, and any other type of packet from an
unknown MAC address triggers MAC authentication 30 seconds after its arrival.
To enable 802.1X:
Ste
p
Command
Remarks
1. Enter system view.
system-view
N/A
2. Enable 802.1X globally.
dot1x
By default, 802.1X is disabled
globally.