3com S7906E Instrução De Instalação
1-13
authentication domain for authentication, authorization, and accounting of all 802.1X users on the port.
In this way, users accessing the port cannot use any account in other domains.
Meanwhile, for EAP relay mode 802.1X authentication that uses certificates, the certificate of a user
determines the authentication domain of the user. However, you can specify different mandatory
authentication domains for different ports even if the user certificates are from the same certificate
authority (that is, the user domain names are the same). This allows you to deploy 802.1X access
policies flexibly.
802.1X Configuration Task List
Complete the following tasks to configure 802.1X:
Task
Remarks
Required
Optional
Optional
Optional
Optional
Optional
Optional
Optional
Optional
Optional
802.1X Basic Configuration
Configuration Prerequisites
802.1X provides a method for implementing user identity authentication. However, 802.1X cannot
implement the authentication scheme solely by itself. RADIUS or local authentication must be
configured to work with 802.1X.
z
Configure the ISP domain to which the 802.1X user belongs and the AAA scheme to be used (that
is, local authentication or RADIUS).
z
For remote RADIUS authentication, the username and password information must be configured
on the RADIUS server.
z
For local authentication, the username and password information must be configured on the device
and the service type must be set to lan-access.
For detailed configuration of the RADIUS client, refer to AAA Configuration in the Security Volume.
Configuring 802.1X Globally
Follow these steps to configure 802.1X globally:
To do…
Use the command…
Remarks
Enter system view
system-view
—