3Com Switch 8800 Advanced Software V5 Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve 9400sl 4-Port 10-GbE Module

921

922

923

924

925

926

927

928

929

930

Displaying and Maintaining 802.1x 929

■ A super VLAN cannot be set as the guest VLAN. Similarly, a guest VLAN cannot

be set as the super VLAN. For information about super VLAN, refer to

“Super

VLAN Configuration” on page 167.

■ The guest VLAN function does not apply to non-access ports.

■ Configurations in system view are effective to all ports while configurations in

interface view are effective to the current port only.

Displaying and

Maintaining 802.1x

802.1x Configuration

Example

Network requirements

■ As shown in Figure 274, a host is connected to port Ethernet 3/1/1 on the

switch.

■ The access control method of macbased is required on the port to control

supplicants.

■ All AAA supplicants belong to default domain aabbcc.net, which can

accommodate up to 30 users. RADIUS authentication is performed at first, and

then local authentication when no response from the RADIUS server is

received. If the RADIUS accounting fails, the authenticator gets users offline.

■ A server group with two RADIUS servers is connected to the switch. The IP

addresses of the servers are 10.11.1.1 and 10.11.1.2 respectively. Use the

former as the primary authentication/secondary accounting server, and the

latter as the secondary authentication/primary accounting server.

■ Set the shared key for the switch to exchange packets with the authentication

server as name, and that for the switch to exchange packets with the

accounting server as money.

■ Specify the switch to try up to five times at an interval of 5 seconds in

transmitting a packet to the RADIUS server until it receives a response from the

server, and to send real time accounting packets to the accounting server every

15 minutes.

■ Specify the switch to remove the domain name from the username before

passing the username to the RADIUS server.

■ Set the username of the 802.1x user as localuser and the password as

localpassword and specify to use clear text mode. Enable the idle cut function

to get the user offline whenever the user remains idle for over 20 minutes.

To do... Use the command... Remarks

Display 802.1x session

information, statistics, or

configuration information of

specified or all ports

display dot1x [ sessions |

statistics ] [ interface

interface-list ]

Available in any view

Clear 802.1x statistics reset dot1x statistics [

interface interface-list ]

Available in user view