3Com Switch 4200G Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

171

172

173

174

175

176

177

178

179

180

Advanced 802.1x Configuration 161

The proxy checking function needs the support of 3Com's 802.1x client program.

The configuration listed in Table 124 takes effect only when it is performed on CAMS

as well as on the switch and the client version checking function is enabled on the

switch (by the dot1x version-check command).

Configuring Client

Version Checking

As for the dot1x version-user command, if you execute it in system view without

specifying the interface-list argument, the command applies to all ports. You can also

use this command in port view. In this case, this command applies to the current port

only and the interface-list argument is not needed.

Enabling

DHCP-triggered

Authentication

Configuring Guest

VLAN

CAUTION:

The Guest VLAN function is available only when the switch operates in a port-based

authentication mode.

Only one Guest VLAN can be configured for each switch.

Table 125 Configure client version checking

Operation Command Description

Enter system view system-view

Enable 802.1x client

version checking

dot1x version-check [ interface

interface-list ]

Required

By default, 802.1x client version

checking is disabled on a port.

Configure the

maximum number of

retires to send version

checking request

packets

dot1x retry-version-max

max-retry-version-value

Optional

Defaults to 3.

Configure the

client-version-checking

period timer

dot1x timer ver-period

ver-period-value

Optional

The default ver-period-value is 30

seconds

Table 126 Enable DHCP-triggered authentication

Operation Command Description

Enter system view system-view

Enable DHCP-triggered

authentication

dot1x dhcp-launch Optional

By default, DHCP-triggered

authentication is disabled.

Table 127 Configure Guest VLAN

Operation Command Description

Enter system view system-view

Configure port access

method

dot1x port-method { macbased

| portbased }

Optional

The default port access method is

MAC-address-based. That is, the

macbased keyword is used by

default.

Enable the Guest VLAN

function

dot1x guest-vlan vlan-id [

interface interface-list ]

Required

By default, the Guest VLAN

function is disabled.