3com 8807 User Guide
802.1x Configuration
223
Implementing 802.1x on
Ethernet Switches
3Com Series Ethernet Switches not only support the port access authentication
method regulated by 802.1x, but also extend and optimize it in the following way:
method regulated by 802.1x, but also extend and optimize it in the following way:
■
Support to connect several End Stations in the downstream via a physical port.
■
The access control (or the user authentication method) can be based on port or
MAC address.
MAC address.
In this way, the system becomes much securer and easier to manage.
802.1x Configuration
The configuration tasks of 802.1x itself can be fulfilled in system view of the
Ethernet switch. After the global 802.1x is enabled, the user can configure the
802.1x state of the port. The configured items will take effect after the global
802.1x is enabled.
Ethernet switch. After the global 802.1x is enabled, the user can configure the
802.1x state of the port. The configured items will take effect after the global
802.1x is enabled.
n
When 802.1x is enabled on a port, the max number of MAC address learning
which is configured by the command mac-address max-mac-count cannot be
configured on the port, and vice versa.
which is configured by the command mac-address max-mac-count cannot be
configured on the port, and vice versa.
The following sections describe 802.1x configuration tasks.
■
■
■
■
■
■
■
■
■
■
■
Among the above tasks, the first one "enabling 802.1x" is compulsory; otherwise
802.1x will not take any effect. The other tasks are optional. You can perform the
configurations at requirements.
802.1x will not take any effect. The other tasks are optional. You can perform the
configurations at requirements.
Enabling/Disabling
802.1x
The following command can be used to enable/disable the 802.1x on the specified
port or globally. When it is used in system view, if the parameter interface-list is
not specified, 802.1x will be globally enabled. If the parameter interface-list is
specified, 802.1x will be enabled on the specified port. When this command is
used in Ethernet port view, other ports cannot be specified and 802.1x can only be
enabled on the current port.
port or globally. When it is used in system view, if the parameter interface-list is
not specified, 802.1x will be globally enabled. If the parameter interface-list is
specified, 802.1x will be enabled on the specified port. When this command is
used in Ethernet port view, other ports cannot be specified and 802.1x can only be
enabled on the current port.
Perform the following configuration in system view or Ethernet port view.