ACL assignment
You can specify an ACL for an 802.1X user to control the user's access to network resources. After the
user passes 802.1X authentication, the authentication server (either the local access device or a RADIUS
server) assigns the ACL to the port to filter the traffic from this user. In either case, you must configure the
ACL on the access device. You can change ACL rules while the user is online.
Configuration prerequisites
Configure an ISP domain and AAA scheme (local or RADIUS authentication) for 802.1X users.
•
If RADIUS authentication is used, create user accounts on the RADIUS server.
•
If local authentication is used, create local user accounts on the access device, and set the service
•
type to lan-access.
802.1X configuration task list
Task
Enabling 802.1X
Enabling EAP relay or EAP termination
Setting the port authorization state
Specifying an access control method
Setting the maximum number of concurrent 802.1X users on a port
Setting the maximum number of authentication request attempts
Setting the 802.1X authentication timeout timers
Configuring the online user handshake function
Configuring the authentication trigger function
Specifying a mandatory authentication domain on a port
Configuring the quiet timer
Enabling the periodic online user re-authentication function
Configuring an 802.1X guest VLAN
Configuring an Auth-Fail VLAN
Specifying supported domain name delimiters
Enabling 802.1X
802.1X is mutually exclusive with link aggregation and service loopback group configuration on a port.
To enable 802.1X on a port:
To do...
1.
Enter system view.
2.
Enable 802.1X globally.
Use the command...
system-view
dot1x
74
Remarks
Required
Optional
Optional
Optional
Optional
Optional
Optional
Optional
Optional
Optional
Optional
Optional
Optional
Optional
Optional
Remarks
—
Required.
Disabled by default.