H3C S7500 Series Ethernet Switches Operation Manual

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 8116fl Redundant Switch Fabric Module

501

502

503

504

505

506

507

508

509

510

Operation Manual – 802.1x

H3C S7500 Series Ethernet Switches

Chapter 1 802.1x Configuration

1-13

z You can also specify to adopt RADIUS authentication scheme, with a local

authentication scheme as an alternative. In this case, the local authentication

scheme is adopted when the RADIUS server fails.

Refer to AAA-RADIUS-HWTACACS-EAD Operation Manual for detailed information

about AAA configuration.

1.3 Basic 802.1x Configuration

To utilize 802.1x features, you need to perform basic 802.1x configuration.

1.3.1 Prerequisites

z Configure ISP domain and its AAA scheme, specify the authentication scheme

( RADIUS or a local scheme) .

z For local authentication scheme, configure the service type of local users as

lan-access.

1.3.2 Configuring Basic 802.1x Functions

Table 1-1 Configure basic 802.1x functions

To do... Use the command... Remarks

Enter system view

system-view

—

Enable 802.1x

globally

dot1x

Required

Disabled by default

Use the following command in system

view:

dot1x [ interface interface-list ]

Enable 802.1x for

the specified ports

Use the following command in port

view:

dot1x

Required

Disabled by default

Specify access

control mode for

the specified ports

dot1x port-control

{ authorized-force |

unauthorized-force | auto }

[ interface interface-list ]

Optional

auto mode by default

Specify access

method for the

specified ports

dot1x port-method { macbased |

portbased } [ interface interface-list ]

Optional

macbased method

by default

Specify

authentication

method for 802.1x

users

dot1x authentication-method

{ chap | pap | eap }

Optional

By default, a switch

performs CHAP

authentication in

EAP termination

mode.