No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

S1720GFR, S2700, S5700, and S6720 V200R010C00 Web-based Configuration Guide

This document describes the configuration and maintenance of device through the web network management system. The web network management system provides the functions of viewing device information and managing the entire system, interfaces, services, ACL, QoS, routes, security, and tools.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
802.1x

802.1x

You can configure 802.1x parameters globally or on an interface.

IEEE 802.1x, or 802.1x in brief, is a port-based network access control protocol. 802.1x was originated from IEEE 802.11 for wireless local area network (WLAN) access and was first introduced to solve the problem of access authentication of WLAN users. Later, the 802.1x protocol was applied on the Ethernet as a common access control mechanism on LAN interfaces to solve problems of authentication and security on the Ethernet.

Port-based network access control indicates that authentication and control are implemented for access devices on an interface of a LAN access control device. A user device can access LAN resources only after it passes authentication.

NOTE:

This node is only available in the NAC common mode.

802.1X Global Settings

802.1x parameters can be set on interfaces before global 802.1x authentication is enabled, but do not take effect. After global 802.1x authentication is enabled, 802.1x parameters take effect on each interface.

Context

You can configure 802.1x authentication to authenticate and control access devices connected to an interface of a LAN access control device.

Procedure

  1. Choose Security > 802.1X > 802.1X Global Settings in the navigation tree, and the 802.1X Global Settings page is displayed, as shown in Figure 2-211.

    Figure 2-211  802.1X Global Settings

    Table 2-123 describes the parameters on the 802.1X Global Settings page.

    Table 2-123  802.1X Global Settings

    Parameter

    Description

    Global 802.1X

    Indicates whether to enable global 802.1x authentication. The options are Enabled and Disabled. By default, the value is Disabled.

    802.1x parameters can be set before global 802.1x authentication is enabled, but take no effect. After global 802.1x authentication is enabled, 802.1x parameters can be set before of each interface takes effect.

    Quiet period

    Indicates whether to enable the quiet timer function. The options are Enabled and Disabled. By default, the value is Disabled.

    NOTE:

    If a user fails to pass 802.1x authentication after the quiet timer function is enabled, the system keeps the user quiet for a period. In this manner, the impact caused by frequent authentication is prevented. During the quiet period, the switch discards 802.1x authentication request packets from the user.

    DHCP trigger

    Indicates whether to trigger the 802.1x authentication after receiving DHCP messages. The options are Enabled and Disabled. By default, the value is Disabled.

    The switch is enabled to trigger 802.1x authentication after receiving DHCP messages. If a user fails to pass authentication, the user cannot dynamically obtain an IP address from the DHCP server.

    Handshake

    Indicates whether to enable the handshake function. The options are Enabled and Disabled. By default, the value is Disabled.

    NOTE:

    Not all clients support the handshake function. If a client does not support the handshake function, the switch will not receive handshake response packets within the handshake interval. In this case, you need to disable the handshake function to prevent the switch from disconnecting users by mistake.

    Number of quiet failures

    Indicates the number of authentication failures before the 802.1x user enters the quiet state.

    Retry times

    Indicates the number of retransmission times.

    If the switch does not receive a response after sending an authentication request to a user, the switch retransmits the authentication request to the user. If the switch still fails to receive the response when the number of sent authentication requests reaches the limit, the switch does not send the authentication request to the user any more.

    Client timeout

    Indicates the timeout interval of the response from the client.

    Handshake interval

    Indicates the interval of handshakes between the switch and the 802.1x client.

    NOTE:

    The value range varies depending on the device model.

    Re-authentication interval

    Indicates the re-authentication interval. After a user passes 802.1x authentication, the device sends a re-authentication request to the access user after a period. The re-authentication interval is controlled by the re-authentication timer.

    Authentication request interval

    Indicates the interval for sending authentication requests.

    Quiet period

    Indicates the value of the quiet timer. If a user fails to pass 802.1x authentication, the access device waits until the quiet timer expires and re-initiates authentication requests. During the quiet period, the authentication device does not process authentication requests from the user.

  2. Set the parameters.
  3. Click Apply to complete the configuration.

802.1X Interface Settings

You can query, set, and delete 802.1x parameters of an interface.

Context

You can configure 802.1x authentication to authenticate and control access devices connected to an interface of a LAN access control device.

Procedure

  • Query information about 802.1x parameters on an interface.
    1. Choose Security > 802.1X > 802.1X Interface Settings in the navigation tree to open the 802.1X Interface Settings page.
    2. Set the search criteria.
    3. Click Query to display all matching records.
  • Set 802.1x parameters on an interface.
    1. Choose Security > 802.1X > 802.1X Interface Settings in the navigation tree to open the 802.1X Interface Settings page.
    2. Select a record and click Configure. The Configure 802.1X Interface Parameters page is displayed, as shown in Figure 2-212.

      Figure 2-212  Configure 802.1X Interface Parameters

      Table 2-124 describes the parameters on the Configure 802.1X Interface Parameters page.

      Table 2-124  Configure 802.1X Interface Parameters

      Parameter

      Description

      Interface name

      Indicates the name of an interface. The interface name cannot be modified. You can select multiple interfaces each time.

      NOTE:

      If only one interface is selected, the configuration of the interface is displayed on the Configure 802.1X Interface Parameters page. If multiple interfaces are selected, the default settings of the interfaces are displayed.

      Enable 802.1X

      Indicates whether to enable 802.1x authentication. The options are Enabled and Disabled. By default, the value is Disabled.

      NOTE:

      The 802.1x configuration takes effect only after 802.1x authentication is enabled globally and on an interface.

      Control mode

      Indicates the access control mode of an interface. The options are as follows:
      • Auto
      • Authorized Force
      • Unauthorized Force

      By default, the value is Auto.

      Control method

      Indicates the access control mode of an interface. The options are:
      • MAC
      • Port

      By default, the MAC address-based access control method is used.

      NOTE:

      If the value is Port, only one user can access the interface.

      Max number Of users

      Indicates the maximum number of access users on the specified interface. If no interface is specified, all interfaces support the same number of access users.

      NOTE:

      The value range varies depending on the device type.

      802.1X re-authentication

      Indicates whether to enable 802.1x re-authentication. The options are Enabled and Disabled. By default, the value is Disabled.

    3. Set parameters.
    4. Click OK.
  • Clear the configuration of 802.1x parameters on an interface.
    1. Choose Security > 802.1X > 802.1X Interface Settings in the navigation tree to open the 802.1X Interface Settings page.
    2. Select a record and click Clear Configuration. The system asks you whether to delete the record.
    3. Click OK.
Translation
Download
Updated: 2019-04-18

Document ID: EDOC1000114003

Views: 31395

Downloads: 977

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next