188
C
HAPTER
11: 802.1X C
ONFIGURATION
Configuring the
Authentication Method
for 802.1X User
The following commands can be used to configure the authentication method for
802.1X user. Three methods are available: PAP authentication (the RADIUS server
must support PAP authentication), CHAP authentication (the RADIUS server must
support CHAP authentication), EAP relay authentication (the Switch sends
authentication information to the RADIUS server in the form of EAP packets
directly and the RADIUS server must support EAP authentication).
Perform the following configurations in System View.
Table 195
Configuring the Authentication Method for 802.1X User
By default, CHAP authentication is used for 802.1X user authentication.
Setting the Maximum
Times of Authentication
Request Message
Retransmission
The following commands are used for setting the maximum retransmission times
of the authentication request message that the Switch sends to the user.
Perform the following configurations in System View.
Table 196
Setting the Maximum Times of the Authentication Request Message
Retransmission
By default, the
max-retry-value
is 3. That is, the Switch can retransmit the
authentication request message to a user for a maximum of 3 times.
Configuring Timers
The following commands are used for configuring the 802.1X timers.
Perform the following configurations in System View.
Table 197
Configuring Timers
handshake-period:
This timer begins after the user has passed the
authentication. After setting handshake-period, system will send the handshake
packet by the period. Suppose the dot1x retry time is configured as N, the system
will consider the user having logged off and set the user as logoff state if system
doesn't receive the response from user for consecutive N times.
Operation
Command
Configure authentication method
for 802.1X user
dot1x authentication-method { chap |
pap | eap md5-challenge}
Restore the default authentication
method for 802.1X user
undo dot1x authentication-method
Operation
Command
Set the maximum times of the authentication
request message retransmission
dot1x retry
max_retry_value
Restore the default maximum retransmission times
undo dot1x retry
Operation
Command
Configure timers
dot1x timer { { handshake-period
handshake-period-value
| quiet-period
quiet_period_value
| tx-period
tx_period_value
|
supp-timeout
supp_timeout_value
| server-timeout
server_timeout_value
}
Restore default
settings of the timers
undo dot1x timer { handshake-period | quiet-period
| tx-period | supp-timeout | server-timeout }
Summary of Contents for 400 Family
Page 12: ......
Page 16: ...14 ABOUT THIS GUIDE ...
Page 58: ...56 CHAPTER 2 PORT OPERATION ...
Page 68: ...66 CHAPTER 3 VLAN OPERATION ...
Page 98: ...96 CHAPTER 5 NETWORK PROTOCOL OPERATION ...
Page 124: ...122 CHAPTER 6 IP ROUTING PROTOCOL OPERATION ...
Page 156: ...154 CHAPTER 8 ACL CONFIGURATION ...
Page 218: ...216 CHAPTER 11 802 1X CONFIGURATION ...
Page 298: ...296 CHAPTER 13 PASSWORD CONTROL CONFIGURATION OPERATIONS ...
Page 336: ...334 APPENDIX B RADIUS SERVER AND RADIUS CLIENT SETUP ...