R2511-HP MSR Router Series Security Configuration Guide(V5)
92
Task Remarks
Setting the 802.1X authentication timeout timers Optional.
Configuring the online user handshake function Optional.
Enabling the proxy detection function Optional.
Configuring the authentication trigger function Optional.
Specifying a mandatory authentication domain on a port Optional.
Configuring the quiet timer Optional.
Enabling the periodic online user re-authentication function Optional.
Configuring an 802.1X guest VLAN Optional.
Configuring an Auth-Fail VLAN Optional.
Configuring an 802.1X critical VLAN Optional.
Specifying supported domain name delimiters Optional.
Enabling 802.1X
Follow these guidelines when you enable 802.1X:
• If the PVID of a port is a voice VLAN, the 802.1X function cannot take effect on the port. For more
information about voice VLANs, see Layer 2—LAN Switching Configuration Guide.
• 802.1X is mutually exclusive with link aggregation group configuration on a port.
• On an 802.1X and MAC authentication enabled port, the EAP packet from an unknown MAC
address immediately triggers 802.1X authentication, and any other type of packet from an
unknown MAC address triggers MAC authentication 30 seconds after its arrival.
To enable 802.1X:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable 802.1X globally.
dot1x
By default, 802.1X is disabled
globally.
3. Enable 802.1X on a port in
system view or Ethernet
interface view.
• In system view:
dot1x interface interface-list
• In Ethernet interface view:
a. interface interface-type
interface-number
b. dot1x
By default, 802.1X is disabled
on a port.
Enabling EAP relay or EAP termination
When configuring EAP relay or EAP termination, consider the following factors:
• The support of the RADIUS server for EAP packets
• The authentication methods supported by the 802.1X client and the RADIUS server