User Guide
568
Configuring 802.1x
802.1x Configuration
Step 5
dot1x guest-vlan
vid
(Optional) Configure guest VLAN on the port.
vid:
Specify the ID of the VLAN to be configured as the guest VLAN. The valid values are
from 0 to 4094. 0 means that Guest VLAN is disabled on the port. The configured VLAN
must be an existing 802.1Q VLAN. Clients in the guest VLAN can only access resources
from specific VLANs.
Note
: To use Guest VLAN, the control type of the port should be configured as port-based.
Step 6
dot1x port-control
{ auto | authorized-force | unauthorized-force }
Configure the control mode for the port. By default, it is auto.
auto
: If this option is selected, the port can access the network only when it is authenticated.
authorized-force
: If this option is selected, the port can access the network without
authentication.
unauthorized-force
: If this option is selected, the port can never be authenticated.
Step 7
dot1x port-method
{ mac-based | port-based }
Configure the control type for the port. By default, it is mac-based.
mac-based
:
All clients connected to the port need to be authenticated.
port-based
:
If a client connected to the port is authenticated, other clients can access the
LAN without authentication.
Step 8
dot1x max-req
times
Specify the maximum number of attempts to send the authentication packet for the client.
times:
The maximum attempts for the client to send the authentication packet. It ranges
from 1 to 9 and the default is 3.
Step 9
dot1x quiet-period
[time]
(Optional) Enable the quiet feature for 802.1x authentication and configure the quiet period.
time:
Set a value between 1 and 999 seconds for the quiet period. It is 10 seconds by
default. The quiet period starts after the authentication fails. During the quiet period, the
switch does not process authentication requests from the same client.
Step 10
dot1x timeout supp-timeout
time
Configure the supplicant timeout period.
time:
Specify the maximum time for which the switch waits for response from the client.
It ranges from 1 to 60 seconds and the default time is 30 seconds. If the switch does not
receive any reply from the client within the specified time, it will resend the request.
Step 11
show dot1x interface [fastEthernet
port
|gigabitEthernet
port
| ten-gigabitEthernet
port
]
(Optional) Verify the configurations of 802.1x authentication on the port.
port:
Enter the ID of the port to be configured. If no specific port is entered, the switch will
show configurations of all ports.
Downloaded from