QTECH
Software Configuration Manual
16-212
authentication
16.5.3 802.1X Configuration
The commands related to 802.1X configuration are as follows:
· dot1x
· dot1x daemon
· dot1x eap-finish
· dot1x eap-transfer
· dot1x re-authenticate
· dot1x re-authentication
· dot1x timeout re-authperiod
· dot1x timeout re-authperiod interface
· dot1x port-control
· dot1x max-user
· dot1x user cut
(1) Use the dot1x command to enable 802.1x. Domain and RADIUS server configurations take effect after this function is enabled. Use the no dot1x command to disable 802.1x. Use the show dot1x command to display 802.1x authentication information.
After 802.1X is enabled, a user connecting to the system can access VLAN resources after authentication. By default, 802.1X is disabled.
For example:
! Enable 802.1X
QTECH(config)#dot1x
! Display 802.1x authentication information
QTECH(config)#show dot1x
(2) When 802.1x is enabled, use the dot1x daemon command to configure whether a port sends the 802.1x daemon and the sending period.
By default, the 802.1x daemon is not sent. When 802.1x is enabled, the default interval for sending the daemon is 60 seconds.
For example:
! Enable dot1x daemon on ethernet 0/0/5 with the period time of 20 seconds
QTECH(config-if-ethernet-0/0/5)#dot1x daemon time 20
(3) Use the dot1x eap-finish and dot1x eap-transfer commands to configure the protocol type between the system and the RADIUS server:
After the dot1x eap-finish command is used, an 802.1x authentication packet encapsulated in an EAP frame from the user is converted to a data frame encapsulated by another higher-level protocol before it is sent to the RADIUS server. After the dot1x eap-transfer command is used, an 802.1x authentication packet encapsulated in an EAP frame from the user is sent to the RADIUS server without any changes.
For example:
! Configure authentication packet transmitting to be eap-finish
QTECH(config)#dot1x eap-finish
(4) Use the dot1x re-authenticate command to re-authenticate the current interface. Use the dot1x re-authentication command to enable 802.1x re-authentication. Use the no dot1x re-authentication command to disable 802.1x re-authentication. Use the dot1x timeout re-authperiod command to configure the 802.1x re-authperiod. Use the dot1x timeout re-authperiod interface command to configure the 802.1x re-authperiod of a specified interface. Please refer to the command line configuration for details.
(5) Use the dot1x port-control command to configure the port control mode.
After 802.1X authentication is enabled, all interfaces of the system require authentication by default, but uplink interfaces and interfaces connecting to servers do not need authentication. Use the dot1x port-control command to configure the port control mode and the no dot1x port-control command to restore the default port control. Use the show dot1x interface command to display the configuration of an interface.
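Added example (not part of the QTECH manual): a Python check that replays a logged configuration session, written in the prompt format of the examples above, and reports the 802.1X state the commands leave behind. The function names replay and findings are hypothetical; it assumes that dot1x daemon without "time N" keeps the 60-second default and that re-authentication can be tracked as a single switch-wide flag.

```python
import re

# Prompt shapes follow the manual's examples, e.g. QTECH(config-if-ethernet-0/0/5)#
PROMPT = re.compile(r"^\S+\(config(?:-if-ethernet-(?P<port>[\d/]+))?\)#\s*"
                    r"(?P<no>no\s+)?dot1x(?P<args>(?:\s+\S+)*)\s*$")
DEFAULT_DAEMON_PERIOD = 60  # seconds, the default interval stated in the manual

def replay(session):
    """Replay logged dot1x commands in order; return the resulting state."""
    state = {"enabled": False,   # manual: 802.1X is disabled by default
             "eap_mode": None,   # None = not set anywhere in this session
             "reauth": None,     # None = not set anywhere in this session
             "daemon": {}}       # port -> sending period in seconds
    for line in session.splitlines():
        m = PROMPT.match(line.strip())
        if not m:
            continue             # "!" comments, show commands, command output
        negate, port, args = bool(m["no"]), m["port"], m["args"].split()
        if not args and port is None:
            state["enabled"] = not negate          # dot1x / no dot1x
        elif args[:1] == ["re-authentication"]:
            state["reauth"] = not negate
        elif args[:1] in (["eap-finish"], ["eap-transfer"]) and not negate:
            state["eap_mode"] = args[0]
        elif args[:1] == ["daemon"] and port and not negate:
            # Assumption: omitting "time N" leaves the 60-second default.
            timed = len(args) == 3 and args[1] == "time" and args[2].isdigit()
            state["daemon"][port] = int(args[2]) if timed else DEFAULT_DAEMON_PERIOD
    return state

def findings(state):
    """Review points for the final state, not for individual commands."""
    checks = [(not state["enabled"], "802.1X is disabled at the end of the session"),
              (state["reauth"] is not True, "re-authentication is not enabled in this session"),
              (state["eap_mode"] is None, "no eap-finish/eap-transfer choice in this session")]
    return [msg for hit, msg in checks if hit]

# Constructed sample session (not from the manual); the last line undoes the first.
SAMPLE = """\
QTECH(config)#dot1x
QTECH(config)#dot1x eap-finish
QTECH(config-if-ethernet-0/0/5)#dot1x daemon time 20
QTECH(config-if-ethernet-0/0/6)#dot1x daemon
QTECH(config)#show dot1x
QTECH(config)#no dot1x
"""
```

Calling findings(replay(SAMPLE)) reports that 802.1X ends up disabled and that re-authentication was never enabled, even though the session began by enabling dot1x.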