Operation Manual – 802.1x-HABP-MAC Authentication
H3C S3610&S5510 Series Ethernet Switches
Chapter 1 802.1x Configuration
1-17
Note that:
z
The 802.1x proxy detection function depends on the online user handshake
function. Be sure to enable handshake before enabling proxy detection and to
disable proxy detection before disabling handshake.
z
You can neither add an 802.1x-enabled port into an aggregation group nor enable
802.1x on a port being a member of an aggregation group.
z
Once enabled with the 802.1x multicast trigger function, a port sends multicast
trigger messages to the client periodically to initiate authentication.
z
For a user-side device sending untagged traffic, the voice VLAN function and
8021.x are mutually exclusive and cannot be configured together on the same port.
For details about voice VLAN, refer to
VLAN Configuration
.
z
In EAP relay authentication mode, the authenticator encapsulates the 802.1x user
information in the EAP attributes of RADIUS packets and sends the packets to the
RADIUS server for authentication. In this case, you can configure the
user-name-format
command but it does not take effect. For information about the
user-name-format
command, refer to
AAA RADIUS HWTACACS Commands.
z
If the username of a supplicant contains the version number or one or more blank
spaces, you can neither retrieve information nor disconnect the supplicant by
using the username. However, you can use items such as IP address and
connection index number to do so.
1.3 Configuring a Guest VLAN
1.3.1 Configuration Prerequisites
z
Enable 802.1x
z
Set the port access control method to
portbased
for the port
z
Set the port access control mode to
auto
for the port
z
Create the VLAN to be specified as the guest VLAN
1.3.2 Configuration Procedure
Follow these steps to configure Guest VLAN:
To do…
Use the command…
Remarks
Enter system view
system-view
—
dot1x guest-vlan vlan-id
[
interface
interface-list
]
Configure the guest
VLAN for specified
or all ports
Or in Ethernet interface view
interface interface-type interface-number
dot1x guest-vlan
vlan-id
Required
By default, a
port is
configured with
no guest VLAN.