3com 4210 User Manual
168
C
HAPTER
17: 802.1
X
C
ONFIGURATION
G
UIDE
primary authentication 10.11.1.1
primary accounting 10.11.1.2
secondary authentication 10.11.1.2
secondary accounting 10.11.1.1
key authentication name
key accounting money
timer realtime-accounting 15
timer response-timeout 5
retry 5
user-name-format without-domain
#
domain aabbcc.net
scheme radius-scheme radius1 local
access-limit enable 30
idle-cut enable 20 2000
domain system
#
local-user localuser
password simple localpass
service-type lan-access
#
Precautions
1 802.1x and the maximum number of MAC addresses that a port can learn are
mutually exclusive. You cannot configure both of them on a port at the same time.
2 You can neither add an 802.1x-enabled port into an aggregation group nor enable
802.1x on a port which is a member of an aggregation group.
3 When a port uses the MAC-based access control method, users are authenticated
individually and when a user goes offline, no other users are affected. When a port
uses the port-based access control method, once a user passes authentication, all
users on the port can access the network. But if the user gets offline, the port will
be disabled and will log off all the other users.
uses the port-based access control method, once a user passes authentication, all
users on the port can access the network. But if the user gets offline, the port will
be disabled and will log off all the other users.
4 If you use the dot1x port-method command to change the port access method,
all online users will be logged off by force.
5 Handshake packet transmission needs the support of the 3Com private client. The
handshake packets are used to detect whether a user is online.