H3C S7500 Series Ethernet Switches Operation Manual

Operation Manual – 802.1x
Chapter 1 802.1x Configuration
With the Guest VLAN function enabled, supplicant systems that do not have an 802.1x
client installed can access specific network resources. They can also upgrade their
802.1x clients without being authenticated.
With this function enabled:
• The switch multicasts trigger packets to all 802.1x-enabled ports.
• If a port still has not sent any response packet after the number of retries
reaches the maximum value, the switch adds the port to the Guest VLAN.
• Users belonging to the Guest VLAN can access the resources of the Guest VLAN
without being authenticated, but they must be authenticated before accessing
external resources.
Normally, the Guest VLAN function is coupled with the dynamic VLAN assignment
function.
For detailed information about the dynamic VLAN assignment function, refer to the
AAA-RADIUS-HWTACACS-EAD Operation Manual.
1.2 802.1x Configuration
802.1x provides a solution for authenticating users. To implement this solution, you
need to execute 802.1x-related commands. You also need to configure AAA schemes
on switches and to specify the authentication scheme (RADIUS authentication scheme
or local authentication scheme).
[Figure: 802.1x configuration → ISP domain configuration → AAA scheme (local authentication or RADIUS scheme)]
Figure 1-10 802.1x configuration
• 802.1x users use domain names to associate with the ISP domains configured on
switches.
• An AAA scheme (a local authentication scheme or the RADIUS scheme) is
configured for the ISP domain.
• If you specify the RADIUS scheme, that is, the supplicant systems are
authenticated by a remote RADIUS server, you need to configure the related user
names and passwords on the RADIUS server and perform RADIUS client-related
configuration on the switches.
• If you specify a local authentication scheme, you need to configure user
names and passwords manually on the switches. Users pass authentication
through the 802.1x client if they provide user names and passwords that match
those stored on the switches.
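The dependency chain above (ISP domain, then AAA scheme, then RADIUS client settings or local users) can be checked mechanically before 802.1x is rolled out. The following Python script is an added example, not taken from this manual: it audits a saved configuration for domains whose scheme points at nothing. The configuration line syntax, the domain and scheme names and the address are assumptions constructed for illustration; check the real syntax against the command manual.

```python
import re

# Constructed sample configuration. The line syntax is an assumption made for
# this example and is not quoted from the manual.
SAMPLE_CONFIG = """\
radius scheme radius1
 primary authentication 192.0.2.10
domain corp.example
 scheme radius-scheme radius1 local
domain lab.example
 scheme radius-scheme radius2
domain guest.example
 scheme local
"""

def parse_sections(text):
    """Group indented lines under the unindented header line above them."""
    sections = []
    for line in text.splitlines():
        if not line.strip():
            continue
        if not line[0].isspace():
            sections.append((line.strip(), []))
        elif sections:
            sections[-1][1].append(line.strip())
    return sections

def audit(text):
    """Return findings where the domain -> AAA scheme -> credentials chain breaks."""
    sections = parse_sections(text)
    radius = {h.split()[2]: b for h, b in sections if h.startswith("radius scheme ")}
    local_users = [h for h, b in sections
                   if h.startswith("local-user ") and "service-type lan-access" in b]
    findings = []
    for header, body in sections:
        if not header.startswith("domain "):
            continue
        name = header.split()[1]
        scheme = next((l for l in body if l.startswith("scheme ")), None)
        if scheme is None:
            findings.append(f"{name}: no AAA scheme configured")
            continue
        m = re.search(r"radius-scheme (\S+)", scheme)
        if m and m.group(1) not in radius:
            findings.append(f"{name}: RADIUS scheme {m.group(1)} is not defined")
        elif m and not any(l.startswith("primary authentication ") for l in radius[m.group(1)]):
            findings.append(f"{name}: RADIUS scheme {m.group(1)} has no authentication server")
        if scheme.split()[-1] == "local" and not local_users:
            findings.append(f"{name}: local authentication but no lan-access local user")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` flags all three constructed domains: two rely on local authentication with no local user defined, and one references a RADIUS scheme that does not exist.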