3Com Switch 4200G Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

171

172

173

174

175

176

177

178

179

180

Timer and Maximum User Number Configuration 159

Configuring Basic 802.1x

Functions

CAUTION:

802.1x-related configurations can all be performed in system view. Port access control

mode and port access method can also be configured in port view.

If you perform a configuration in system view and do not specify the interface-list

argument, the configuration applies to all ports. Configurations performed in

Ethernet port view apply to the current Ethernet port only and the interface-list

argument is not needed in this case.

802.1x configurations take effect only after you enable 802.1x both globally and for

specified ports.

Timer and Maximum

User Number

Configuration

Table 122 Configure basic 802.1x functions

Operation Command Description

Enter system view system-view —

Enable 802.1x globally dot1x Required

By default, 802.1x is disabled

globally.

Enable 802.1x for

specified ports

Use the following command in

system view:

dot1x [ interface interface-list ]

Required

By default, 802.1x is disabled for all

ports.

Use the following command in

port view:

dot1x

Set port access control

mode for specified

ports

dot1x port-control

{ authorized-force |

unauthorized-force | auto } [

interface interface-list ]

Optional

By default, an 802.1x-enabled port

operates in an auto mode.

Set port access method

for specified ports

dot1x port-method { macbased

| portbased } [ interface

interface-list ]

Optional

The default port access method is

MAC-address-based (that is, the

macbased keyword is used by

default).

Set authentication

method for 802.1x

users

dot1x authentication-method

{ chap | pap | eap }

Optional

By default, a switch performs CHAP

authentication in EAP terminating

mode.

Table 123 Configure 802.1x timers and the maximum number of users

Operation Command Description

Enter system view system-view -

Configure the

maximum number of

concurrent on-line

users for specified

ports

In system view:

dot1x max-user user-number [

interface interface-list ]

Optional

By default, up to 256 concurrent

on-line users are allowed on each

port.

In port view:

dot1x max-user user-number

Configure the

maximum retry times

to send request

packets

dot1x retry max-retry-value Optional

By default, the maximum retry

times to send a request packet is 2.

That is, the authenticator system

sends a request packet to a

supplicant system for up to two

times by default.