Task
Setting the port authorization state
Specifying an access control method
Setting the maximum number of concurrent 802.1X users on a port
Setting the maximum number of authentication request attempts
Setting the 802.1X authentication timeout timers
Configuring the online user handshake function
Configuring the authentication trigger function
Specifying a mandatory authentication domain on a port
Enabling the quiet timer
Enabling the periodic online user re-authentication function
Configuring an 802.1X guest VLAN
Configuring an Auth-Fail VLAN
Enabling 802.1X
NOTE:
If the default VLAN of a port is a voice VLAN, the 802.1X function cannot take effect on the port. For more
information about voice VLANs, see the
802.1X is mutually exclusive with link aggregation group configuration on a port.
Follow these steps to enable 802.1X on a port:
To do...
Enter system view
Enable 802.1X globally
Enable 802.1X
on a port
Specifying EAP relay or EAP termination
When configuring EAP relay or EAP termination, consider the following factors:
The support of the RADIUS server for EAP packets
The authentication methods supported by the 802.1X client and the RADIUS server
If the client is using only MD5-Challenge EAP authentication or the "username + password" EAP
authentication initiated by an iNode 802.1X client, you can use both EAP termination and EAP relay. To
Layer 2—LAN Switching Configuration Guide.
Use the command...
system-view
dot1x
In system view
dot1x interface interface-list
In Layer 2
interface interface-type interface-number
Ethernet
dot1x
interface view
75
Remarks
Optional
Optional
Optional
Optional
Optional
Optional
Optional
Optional
Optional
Optional
Optional
Optional
Remarks
—
Required
Disabled by default.
Required
Use either approach.
Disabled by default.