3Com Switch 7750 Configuration Guide Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

471

472

473

474

475

476

477

478

479

480

472 CHAPTER 46: 802.1X CONFIGURATION

CAUTION:

■ 802.1x-related configurations can all be performed in system view. Port access

control mode and port access method can also be configured in port view.

■ If you perform a configuration in system view and do not specify the

interface-list argument, the configuration applies to all ports. Configurations

performed in Ethernet port view apply to the current Ethernet port only and

the interface-list argument is not needed in this case.

■ 802.1x configurations take effect only after you enable 802.1x both globally

and for specified ports.

■ You can set 802.1x re-authentication timer on the switch either by using the

dot1x reauth-period command or through the RADIUS server. Upon receiving

an Access-Accept packet, with Termination-Action attribute value set to 1,

from the server, the switch performs authentication at an interval of the

session-timeout value of the Access-Accept packet. In actual authentication,

the switch uses the latest time value obtained as the authentication interval.

Enable 802.1x globally dot1x

Required

By default, 802.1x is disabled

globally.

Enable 802.1x for specified

ports

Use the following command

in system view:

dot1x [ interface

interface-list ]

Required

By default, 802.1x is disabled

for all ports.

Use the following command

in port view:

dot1x

Set port access control mode

for specified ports

dot1x port-control {

authorized-force |

unauthorized-force | auto }

[ interface interface-list ]

Optional

By default, an 802.1x-enabled

port operates in an auto

mode.

Set port access method for

specified ports

dot1x port-method {

macbased | portbased } [

interface interface-list ]

Optional

The default port access

method is

MAC-address-based (that is,

the macbased keyword is

used by default).

Set authentication method for

802.1x users

dot1x

authentication-method {

chap | pap | eap }

Optional

By default, a switch performs

CHAP authentication in EAP

terminating mode.

Enable 802.1x

re-authentication

In system view:

dot1x re-authenticate [

interface interface-list ]

In port view:

dot1x re-authenticate

Optional

By default, 802.1x

re-authentication is disabled

on all ports.

Table 360 Configure basic 802.1x functions

Operation Command Description