3com S7906E Istruzione Sull'Installazione

 

1-13 

authentication domain for authentication, authorization, and accounting of all 802.1X users on the port. 

In this way, users accessing the port cannot use any account in other domains.  

Meanwhile, for EAP relay mode 802.1X authentication that uses certificates, the certificate of a user 

determines the authentication domain of the user. However, you can specify different mandatory 

authentication domains for different ports even if the user certificates are from the same certificate 

authority (that is, the user domain names are the same). This allows you to deploy 802.1X access 

policies flexibly. 

Complete the following tasks to configure 802.1X: 

802.1X Basic Configuration 

Required 

Enabling the Online User Handshake Function 

Optional 

Enabling the Proxy Detection Function 

Optional 

Optional 

Optional 

Specifying a Mandatory Authentication Domain for a Port 

Optional 

Enabling the Quiet Timer Function 

Optional 

Optional 

Optional 

Configuring an Auth-Fail VLAN 

Optional 

 

802.1X provides a method for implementing user identity authentication. However, 802.1X cannot 

implement the authentication scheme solely by itself. RADIUS or local authentication must be 

configured to work with 802.1X.  

z 

Configure the ISP domain to which the 802.1X user belongs and the AAA scheme to be used (that 

is, local authentication or RADIUS).  

z 

For remote RADIUS authentication, the username and password information must be configured 

on the RADIUS server. 

z 

For local authentication, the username and password information must be configured on the device 

and the service type must be set to lan-access. 

For detailed configuration of the RADIUS client, refer to AAA Configuration in the Security Volume.  

Follow these steps to configure 802.1X globally: 

Enter system view 

—