H3C S7500E Series Ethernet Switches Operation Manual

Operation Manual – 802.1x - MAC Authentication
H3C S7500E Series Ethernet Switches Chapter 1 802.1x Configuration
1.2 Configuring 802.1x
1.2.1 Configuration Prerequisites
802.1x provides a user identity authentication scheme. However, 802.1x cannot
implement the authentication scheme solely by itself. RADIUS or local authentication
must be configured to work with 802.1x.
• Configure the ISP domain to which the 802.1x user belongs and the AAA scheme
to be used (that is, local authentication or RADIUS).
• For remote RADIUS authentication, the username and password information must
be configured on the RADIUS server.
• For local authentication, the username and password information must be
configured on the authenticator and the service type must be set to lan-access.
For detailed configuration of the RADIUS client, refer to AAA RADIUS HWTACACS
Configuration.
1.2.2 Configuring 802.1x Globally
Follow these steps to configure 802.1x globally:
To do…                                    Use the command…                                    Remarks
----------------------------------------  --------------------------------------------------  ------------------------------
Enter system view                         system-view
Enable 802.1x globally                    dot1x                                               Required. Disabled by default.
Set the authentication method             dot1x authentication-method { chap | eap | pap }    Optional. CHAP by default.
Set the port access control parameters:
  Set the port access control mode for    dot1x port-control { authorized-force | auto |      Optional. auto by default.
  specified or all ports                  unauthorized-force } [ interface interface-list ]
  Set the port access control method for  dot1x port-method { macbased | portbased }          Optional. macbased by default.
  specified or all ports                  [ interface interface-list ]
  Set the maximum number of users for     dot1x max-user user-number                          Optional. By default, the maximum
  specified or all ports                  [ interface interface-list ]                        number of concurrent users
                                                                                              accessing a port is 1024.
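
The global steps above as one annotated session. This is an added example, not taken from the H3C manual: the Sysname prompt, the port range GigabitEthernet 2/0/1 to GigabitEthernet 2/0/24 and the limit of 2 users per port are assumed values, and the ISP domain and RADIUS scheme from 1.2.1 are assumed to be configured already.

```text
# Constructed example. Lines starting with # are annotations, not
# commands to type. Interface names and numeric values are assumptions.

<Sysname> system-view

# Required step: 802.1x is disabled globally by default.
[Sysname] dot1x

# eap relays the client's EAP packets to the RADIUS server, which must
# support the EAP method in use. chap (the default) and pap terminate
# EAP on the switch instead.
[Sysname] dot1x authentication-method eap

# auto: a port stays unauthorized until a user on it authenticates.
# auto is already the default; entering it explicitly replaces any
# earlier authorized-force setting on these ports.
[Sysname] dot1x port-control auto interface GigabitEthernet 2/0/1 to GigabitEthernet 2/0/24

# macbased (the default): every user behind the port authenticates
# individually. With portbased, one successful authentication opens
# the port for every other user attached to it.
[Sysname] dot1x port-method macbased interface GigabitEthernet 2/0/1 to GigabitEthernet 2/0/24

# Cap concurrent users per port well below the default of 1024.
# 2 is an assumed value (for example one PC plus one IP phone).
[Sysname] dot1x max-user 2 interface GigabitEthernet 2/0/1 to GigabitEthernet 2/0/24

# Settings to question when reviewing access ports:
#   dot1x port-control authorized-force   port always authorized, no authentication takes place
#   dot1x port-method portbased           unauthenticated users ride on the first user's session
#   dot1x max-user left at 1024           no practical limit on users behind one access port
```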