3Com Switch 8800 Advanced Software V5 Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 9400sl 4-Port 10-GbE Module

921

922

923

924

925

926

927

928

929

930

928 CHAPTER 71: 802.1X CONFIGURATION

■ 802.1x must be enabled both globally in system view and for the intended

ports in system view or Ethernet interface view. Otherwise, it does not

function.

■ Generally, it is unnecessary to change 802.1x timers unless in some special or

extreme network environments.

■ The 802.1x proxy detection function must be enabled both globally in system

view and for intended ports in system view or Ethernet interface view.

Otherwise, it does not function.

■ The 802.1x proxy detection function depends on the online user handshake

function. Be sure to enable handshake before enabling proxy detection and to

disable proxy detection before disabling handshake.

■ You can neither add an 802.1x-enabled port into an aggregation group nor

enable 802.1x on a port being a member of an aggregation group.

■ In EAP relay authentication mode, the authenticator encapsulates the 802.1x

user information in the EAP attributes of RADIUS packets and sends the

packets to the RADIUS server for authentication. In this case, you can configure

the user-name-format command but it does not take effect. For information

about the user-name-format command, refer to the Switch 8800 Command

Reference Guide.

■ If the username of a supplicant contains the version number or one or more

blank spaces, you can neither retrieve information nor disconnect the

supplicant by using the username. However, you can use items such as IP

address and connection index number to do so.

Configuring a Guest

VLAN

Configuration

Prerequisites

■ Enable 802.1x

■ Set the port access control method to portbased for the port

■ Set the port access control mode to auto for the port

■ Set the port link type to access.

■ Create the VLAN to be specified as the guest VLAN

Configuration Procedure Follow these steps to configure Guest VLAN:

To do... Use the command... Remarks

Enter system view system-view -

Configure the guest VLAN for

specified or all ports

dot1x guest-vlan vlan-id [

interface interface-list ]

Required

By default, a port is

configured with no guest

VLAN.

Or in Ethernet interface view

interface interface-type

interface-number

dot1x guest-vlan vlan-id