Инструкции По Установке для 3com S7906E
1-15
Configuring 802.1X for a Port
Enabling 802.1X for a port
Follow these steps to enable 802.1X for a port:
To do…
Use the command…
Remarks
Enter system view
system-view
—
In system
view
view
dot1x interface interface-list
interface interface-type
interface-number
interface-number
Enable
802.1X for
one or more
ports
802.1X for
one or more
ports
In Ethernet
interface view
interface view
dot1x
Required
Use either approach.
Disabled by default
Configuring 802.1X parameters for a port
Follow these steps to configure 802.1X parameters for a port:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enter Ethernet interface view
interface interface-type
interface-number
interface-number
—
Specify the port authorization
mode for the port
mode for the port
dot1x port-control
{ authorized-force | auto |
unauthorized-force }
{ authorized-force | auto |
unauthorized-force }
Optional
auto by default
Specify the port access control
method for the port
method for the port
dot1x port-method
{ macbased | portbased }
{ macbased | portbased }
Optional
macbased by default
Set the maximum number of
users for the port
users for the port
dot1x max-user user-number
Optional
1024 by default
Note that:
z
Enabling 802.1X on a port is mutually exclusive with adding the port to an aggregation group and
adding the port to a service loopback group.
z
For a user-side device sending untagged traffic, the voice VLAN function and 802.1X are mutually
exclusive and cannot be configured together on the same port. For details about voice VLAN, refer
to VLAN Configuration in the Access Volume.
z
In EAP relay authentication mode, the device encapsulates the 802.1X user information in the EAP
attributes of RADIUS packets and sends the packets to the RADIUS server for authentication. In
this case, you can configure the user-name-format command but it does not take effect. For
information about the user-name-format command, refer to AAA Commands in the Security
Volume.
z
If the username of a client contains the version number or one or more blank spaces, you can
neither retrieve information nor disconnect the client by using the username. However, you can use
items such as IP address and connection index number to do so.