3Com Switch 7750 Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

391

392

393

394

395

396

397

398

399

400

400 CHAPTER 39: 802.1X CONFIGURATION

CAUTION:

■ 802.1x-related configurations can all be performed in system view. Port access

control mode and port access method can also be configured in port view.

■ If you perform a configuration in system view and do not specify the

interface-list argument, the configuration applies to all ports. Configurations

performed in Ethernet port view apply to the current Ethernet port only and

the interface-list argument is not needed in this case.

■ 802.1x configurations take effect only after you enable 802.1x both globally

and for specified ports.

■ Changing the access control method on a port by the dot1x port-method

command will forcibly log out the online 802.1x users on the port.

■ You can set 802.1x re-authentication timer on the switch either by using the

dot1x reauth-period command or through the RADIUS server. Upon

receiving an Access-Accept packet, with Termination-Action attribute value set

to 1, from the server, the switch performs authentication at an interval of the

session-timeout value of the Access-Accept packet. In actual authentication,

the switch uses the latest time value obtained as the authentication interval.

■ After re-authentication is enabled on a port, you cannot change the dynamic

VLAN delivery attribute value for the port; if you do so, the re-authentication

will cause users to be offline.

Enable 802.1x for

specified ports

Use the following command in

system view:

dot1x [ interface interface-list ]

Required

By default, 802.1x is disabled for

all ports.

Use the following command in

port view:

dot1x

Set port access

control mode for

specified ports

dot1x

port-control { authorized-force

| unauthorized-force | auto }

[ interface interface-list ]

Optional

By default, an 802.1x-enabled port

operates in an auto mode.

Set port access

method for specified

ports

dot1x

port-method { macbased |

portbased } [ interface

interface-list ]

Optional

The default port access method is

MAC-address-based (that is, the

macbased keyword is used by

default).

Set authentication

method for 802.1x

users

dot1x

authentication-method { chap

| pap | eap }

Optional

By default, a switch performs

CHAP authentication in EAP

terminating mode.

Enable 802.1x

re-authentication

In system view:

dot1x re-authenticate

[ interface interface-list ]

In port view:

dot1x re-authenticate

Optional

By default, 802.1x

re-authentication is disabled on all

ports.

Table 318 Configure basic 802.1x functions

Operation Command Description