3com 5500-SI Manual De Usuario
Configuring 802.1x 395
Setting the User Number
on a Port
The following commands are used for setting the number of users allowed by 802.1x
on a specified port. When no port is specified, all the ports accept the same number
of users.
on a specified port. When no port is specified, all the ports accept the same number
of users.
Perform the following configurations in System View or Ethernet Port View.
Table 416 Setting the Maximum Number of Users using a Specified Port
By default, 802.1x allows up to 256 users on each port for Series 5500 Switches.
Setting the
Authentication in DHCP
Environment
If in a DHCP environment the users configure static IP addresses, you can set 802.1x
to disable the Switch to trigger the user ID authentication over them with the
following command.
to disable the Switch to trigger the user ID authentication over them with the
following command.
Perform the following configurations in System View.
Table 417 Setting the Authentication in DHCP Environment
By default, the Switch can trigger the user ID authentication over the users who
configure static IP addresses in DHCP environment.
configure static IP addresses in DHCP environment.
Configuring the
Authentication Method
for 802.1x User
The following commands can be used to configure the authentication method for
802.1x user. Three methods are available: PAP authentication (the RADIUS server must
support PAP authentication), CHAP authentication (the RADIUS server must support
CHAP authentication), EAP relay authentication (the Switch sends authentication
information to the RADIUS server in the form of EAP packets directly and the RADIUS
server must support EAP authentication).
802.1x user. Three methods are available: PAP authentication (the RADIUS server must
support PAP authentication), CHAP authentication (the RADIUS server must support
CHAP authentication), EAP relay authentication (the Switch sends authentication
information to the RADIUS server in the form of EAP packets directly and the RADIUS
server must support EAP authentication).
Perform the following configurations in System View.
Table 418 Configuring the Authentication Method for 802.1x User
By default, CHAP authentication is used for 802.1x user authentication.
802.1x PEAP
Configuration
Protected extensible authentication protocol (PEAP) authenticates supplicant systems
in a securer way. With PEAP employed, a security channel is created, which is
encrypted and is protected using transport level security (TLS) to ensure integrity. And
authentication is carried out through a new type of EAP (extensible authentication
protocol) negotiation between supplicant systems and authentication servers.
in a securer way. With PEAP employed, a security channel is created, which is
encrypted and is protected using transport level security (TLS) to ensure integrity. And
authentication is carried out through a new type of EAP (extensible authentication
protocol) negotiation between supplicant systems and authentication servers.
Operation
Command
Set maximum number of users using
specified port
specified port
dot1x max-user
user_number [ interface
interface_list
]
Restore the maximum number of
users on the port to the default value
users on the port to the default value
undo dot1x max-user [ interface
interface_list ]
Operation
Command
Disable the switch to trigger the user ID
authentication over the users who configure
static IP addresses in DHCP environment
authentication over the users who configure
static IP addresses in DHCP environment
dot1x dhcp-launch
Enable the switch to trigger the
authentication over them
authentication over them
undo dot1x dhcp-launch
Operation
Command
Configure authentication method
for 802.1x user
for 802.1x user
dot1x authentication-method { chap | pap |
eap md5-challenge}
eap md5-challenge}
Restore the default authentication
method for 802.1x user
method for 802.1x user
undo dot1x authentication-method