400
C
HAPTER
39: 802.1
X
C
ONFIGURATION
c
CAUTION:
■
802.1x-related configurations can all be performed in system view. Port access
control mode and port access method can also be configured in port view.
■
If you perform a configuration in system view and do not specify the
interface-list argument, the configuration applies to all ports. Configurations
performed in Ethernet port view apply to the current Ethernet port only and
the interface-list argument is not needed in this case.
■
802.1x configurations take effect only after you enable 802.1x both globally
and for specified ports.
■
Changing the access control method on a port by the
dot1x port-method
command will forcibly log out the online 802.1x users on the port.
■
You can set 802.1x re-authentication timer on the switch either by using the
dot1x reauth-period
command or through the RADIUS server. Upon
receiving an Access-Accept packet, with Termination-Action attribute value set
to 1, from the server, the switch performs authentication at an interval of the
session-timeout value of the Access-Accept packet. In actual authentication,
the switch uses the latest time value obtained as the authentication interval.
■
After re-authentication is enabled on a port, you cannot change the dynamic
VLAN delivery attribute value for the port; if you do so, the re-authentication
will cause users to be offline.
Enable 802.1x for
specified ports
Use the following command in
system view:
dot1x
[
interface
interface-list
]
Required
By default, 802.1x is disabled for
all ports.
Use the following command in
port view:
dot1x
Set port access
control mode for
specified ports
dot1x
port-control
{
authorized-force
|
unauthorized-force
|
auto
}
[
interface
interface-list
]
Optional
By default, an 802.1x-enabled port
operates in an
auto
mode.
Set port access
method for specified
ports
dot1x
port
-
method
{
macbased
|
portbased
} [
interface
interface-list
]
Optional
The default port access method is
MAC-address-based (that is, the
macbased
keyword is used by
default).
Set authentication
method for 802.1x
users
dot1x
authentication-method
{
chap
|
pap
|
eap
}
Optional
By default, a switch performs
CHAP authentication in EAP
terminating mode.
Enable 802.1x
re-authentication
In system view:
dot1x re-authenticate
[
interface
interface-list
]
In port view:
dot1x re-authenticate
Optional
By default, 802.1x
re-authentication is disabled on all
ports.
Table 318
Configure basic 802.1x functions
Operation Command
Description
Summary of Contents for Switch 7754
Page 32: ...32 CHAPTER 1 CLI OVERVIEW ...
Page 70: ...70 CHAPTER 5 LOGGING IN USING MODEM ...
Page 76: ...76 CHAPTER 7 LOGGING IN THROUGH NMS ...
Page 86: ...86 CHAPTER 9 CONFIGURATION FILE MANAGEMENT ...
Page 120: ...120 CHAPTER 13 ISOLATE USER VLAN CONFIGURATION ...
Page 126: ...126 CHAPTER 14 SUPER VLAN ...
Page 136: ...136 CHAPTER 16 IP PERFORMANCE CONFIGURATION ...
Page 152: ...152 CHAPTER 17 IPX CONFIGURATION ...
Page 164: ...164 CHAPTER 19 QINQ CONFIGURATION ...
Page 172: ...172 CHAPTER 21 SHARED VLAN CONFIGURATION ...
Page 182: ...182 CHAPTER 22 PORT BASIC CONFIGURATION ...
Page 198: ...198 CHAPTER 24 PORT ISOLATION CONFIGURATION ...
Page 208: ...208 CHAPTER 25 PORT SECURITY CONFIGURATION ...
Page 224: ...224 CHAPTER 27 DLDP CONFIGURATION ...
Page 232: ...232 CHAPTER 28 MAC ADDRESS TABLE MANAGEMENT ...
Page 240: ...240 CHAPTER 29 CENTRALIZED MAC ADDRESS AUTHENTICATION CONFIGURATION ...
Page 280: ...280 CHAPTER 30 MSTP CONFIGURATION ...
Page 348: ...348 CHAPTER 35 IS IS CONFIGURATION ...
Page 408: ...408 CHAPTER 39 802 1X CONFIGURATION ...
Page 412: ...412 CHAPTER 40 HABP CONFIGURATION ...
Page 422: ...422 CHAPTER 41 MULTICAST OVERVIEW ...
Page 426: ...426 CHAPTER 42 GMRP CONFIGURATION ...
Page 480: ...480 CHAPTER 47 PIM CONFIGURATION ...
Page 506: ...506 CHAPTER 48 MSDP CONFIGURATION ...
Page 552: ...552 CHAPTER 51 TRAFFIC ACCOUNTING CONFIGURATION ...
Page 570: ...570 CHAPTER 53 HA CONFIGURATION ...
Page 582: ...582 CHAPTER 54 ARP CONFIGURATION SwitchA arp protective down recover interval 200 ...
Page 622: ...622 CHAPTER 58 DHCP RELAY AGENT CONFIGURATION ...
Page 684: ...684 CHAPTER 61 QOS CONFIGURATION ...
Page 718: ...718 CHAPTER 63 CLUSTER ...
Page 738: ...738 CHAPTER 67 UDP HELPER CONFIGURATION ...
Page 752: ...752 CHAPTER 69 RMON CONFIGURATION ...
Page 772: ...772 CHAPTER 70 NTP CONFIGURATION ...
Page 796: ...796 CHAPTER 72 FILE SYSTEM MANAGEMENT ...
Page 802: ...802 CHAPTER 73 BIMS CONFIGURATION ...
Page 814: ...814 CHAPTER 74 FTP AND TFTP CONFIGURATION ...
Page 830: ...830 CHAPTER 75 INFORMATION CENTER ...
Page 836: ...836 CHAPTER 76 DNS CONFIGURATION ...
Page 852: ...852 CHAPTER 77 BOOTROM AND HOST SOFTWARE LOADING ...
Page 858: ...858 CHAPTER 78 BASIC SYSTEM CONFIGURATION DEBUGGING ...