3Com 5500-SI Switch User Manual


 
Implementing 802.1x on the Switch
The Switch 5500 Family not only supports the port access authentication method
defined by 802.1x, but also extends and optimizes it in the following ways:
Several End Stations can be connected downstream through one physical port.
Access control (the user authentication method) can be based on port or on
MAC address.
In this way, the system becomes much more secure and easier to manage.
Configuring 802.1x
The configuration tasks of 802.1x itself can be performed in System View of the Ethernet
switch. You can configure the 802.1x state of a port even when 802.1x is not enabled
globally. The configured items take effect after 802.1x is enabled globally.
When 802.1x is enabled on a port, the maximum number of learned MAC addresses,
which is set with the command mac-address max-mac-count, cannot be
configured on the port, and vice versa.
The main 802.1x configuration includes:
Enabling/disabling 802.1x
Setting the port access control mode
Setting the port access control method
Checking the users that log on the Switch using proxy
Setting the maximum number of users using each port
Setting the Authentication in DHCP Environment
Configuring the authentication method for 802.1x user
Setting the maximum times of authentication request message retransmission
Configuring timers
Enabling/disabling a quiet-period timer
Of the above tasks, the first is compulsory; otherwise 802.1x will not take
effect. The other tasks are optional and can be performed as required.
Enabling/Disabling 802.1x
The following command can be used to enable/disable 802.1x on the specified
port or globally. When it is used in System View, if the parameter interface-list is
not specified, 802.1x will be enabled globally. If the parameter interface-list is
specified, 802.1x will be enabled on the specified port. When this command is used in
Ethernet Port View, the parameter interface-list cannot be input and 802.1x can
only be enabled on the current port.
Perform the following configurations in System View or Ethernet Port View.
Table 412 Enabling/Disabling 802.1x
Operation         Command
Enable 802.1x     dot1x [ interface interface_list ]
Disable 802.1x    undo dot1x [ interface interface_list ]
You can configure 802.1x on an individual port before it is enabled globally. The
configuration will take effect after 802.1x is enabled globally.
By default, 802.1x authentication is not enabled globally or on any port.
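An added example (not from the manual): a Python check for the two pitfalls described above, a port-level dot1x setting that is not in effect because 802.1x is not enabled globally, and dot1x combined with mac-address max-mac-count on the same port. The configuration text layout ("#" section separators, "interface <name>" headers, indented commands), the port names and the function name audit_dot1x are assumptions made for illustration.

```python
import re

# Constructed sample; the layout is an assumption about saved configuration text:
# "#" separates sections and "interface <name>" opens a port section.
SAMPLE_CONFIG = """\
#
 sysname SW5500
#
interface Ethernet1/0/1
 dot1x
#
interface Ethernet1/0/2
 mac-address max-mac-count 10
#
interface Ethernet1/0/3
 dot1x
 mac-address max-mac-count 5
#
"""

def audit_dot1x(config_text):
    """Return (global_enabled, findings) for the 802.1x settings in config_text."""
    global_enabled = False
    ports = {}       # port name -> set of relevant commands seen
    current = None   # None while outside any interface section
    for raw in config_text.splitlines():
        line = raw.strip()
        if line == "#":
            current = None
            continue
        m = re.match(r"interface\s+(\S.*)$", line)
        if m:
            current = m.group(1)
            ports[current] = set()
        elif line == "dot1x":
            if current is None:
                global_enabled = True   # bare "dot1x" outside a port section
            else:
                ports[current].add("dot1x")
        elif line.startswith("mac-address max-mac-count") and current:
            ports[current].add("max-mac-count")
    findings = []
    for port, cmds in ports.items():
        if "dot1x" in cmds and not global_enabled:
            findings.append((port, "dot1x set on port but not enabled globally; not in effect"))
        if {"dot1x", "max-mac-count"} <= cmds:
            findings.append((port, "dot1x and mac-address max-mac-count both present"))
    return global_enabled, findings
```

Running it over configuration files prepared offline catches ports that look protected but are still open because the global enable is missing.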