3com 2928 Betriebsanweisung
1-10
z
With a Hybrid port, the VLAN assignment will fail if you have configured the assigned VLAN to carry
tags.
tags.
z
With a Hybrid port, you cannot configure an assigned VLAN to carry tags after the VLAN has been
assigned.
assigned.
ACL assignment
ACLs provide a way of controlling access to network resources and defining access rights. When a user
logs in through a port, and the RADIUS server is configured with authorization ACLs, the device will
permit or deny data flows traversing through the port according to the authorization ACLs. Before
specifying authorization ACLs on the server, you need to configure the ACL rules on the device. You
can change the access rights of users by modifying authorization ACL settings on the RADIUS server or
changing the corresponding ACL rules on the device.
logs in through a port, and the RADIUS server is configured with authorization ACLs, the device will
permit or deny data flows traversing through the port according to the authorization ACLs. Before
specifying authorization ACLs on the server, you need to configure the ACL rules on the device. You
can change the access rights of users by modifying authorization ACL settings on the RADIUS server or
changing the corresponding ACL rules on the device.
Configuring 802.1X
Configuration Task List
802.1X provides a method for implementing user identity authentication. However, 802.1X cannot
implement the authentication method solely by itself. RADIUS or local authentication must be
configured to work with 802.1X. Therefore, before the 802.1X configuration, you need to configure the
following:
implement the authentication method solely by itself. RADIUS or local authentication must be
configured to work with 802.1X. Therefore, before the 802.1X configuration, you need to configure the
following:
z
Configure the ISP domain to which the 802.1X user belongs and the AAA method to be used (that
is, local authentication or RADIUS authentication.
is, local authentication or RADIUS authentication.
z
For remote RADIUS authentication, the username and password information must be configured
on the RADIUS server.
on the RADIUS server.
z
For local authentication, the username and password information must be configured on the device
and the service type must be set to LAN-access.
and the service type must be set to LAN-access.
lists the 802.1X configuration procedure.
Table 1-2
802.1X configuration procedure
Task
Description
Required
Enable 802.1X authentication globally and configure the
Enable 802.1X authentication globally and configure the
authentication method and advanced parameters.
By default, 802.1X authentication is disabled globally.
By default, 802.1X authentication is disabled globally.
Required
Enable 802.1X authentication on specified ports and configure
Enable 802.1X authentication on specified ports and configure
802.1X parameters for the ports.
By default, 802.1X authentication is disabled on a port.
By default, 802.1X authentication is disabled on a port.