PowerCube 500 System Configuration Guide (PC500-300H1, PC500-300G1, EG6P-150G1)


Configuring 802.1x Security Authentication

This section describes how to configure 802.1x security authentication and device port policies to authenticate users who access network resources.

Networking Diagram

As shown in Figure 1-1, the access device opens its port to allow a user to access authorized network resources only after the user passes the authentication of the RADIUS server. This ensures network security.

Figure 1-1 Networking diagram for configuring 802.1x security authentication

Data Preparation

The following table describes the data planned for the configuration.

Table 1-3 Data planned for the configuration
Item: Configuring a RADIUS server for 802.1x security authentication

| Parameter | Value in This Example | Planning Guidelines |
| --- | --- | --- |
| Server IP | Set this parameter based on actual conditions. | Set the IP address of the RADIUS server. |
| Server Type | Radius Server | Set the server type. Radius Server: The RADIUS protocol is used to transmit authentication packets. Proxy-NAS: The NAS proxy server is used to transmit authentication packets. This server type is currently not supported. |
| Work State | Master | Set the master or slave state of the RADIUS server. Master: The RADIUS server works in the master state. Slave: The RADIUS server works in the slave state. |
| Key | Set this parameter based on actual conditions. | Set a shared key between the NAS and the RADIUS server. The key is a string of 16 to 128 bytes that consists of uppercase letters, lowercase letters, digits, and special characters. |
| Retransmission Interval | 3 | Set the interval at which packets are retransmitted. The value range is 3 to 10 (in seconds). |
| Retransmission Count | 5 | Set the number of times that packets are retransmitted. The value range is 1 to 5. |

Item: Configuring device port policies for 802.1x security authentication

| Parameter | Value in This Example | Planning Guidelines |
| --- | --- | --- |
| Protocol Enabling | Enable | Set whether to enable the 802.1x protocol for a port. Enable: The 802.1x protocol is enabled. Disable: The 802.1x protocol is disabled. |
| Authentication Mode | Automatic | Set the 802.1x authorization mode for a port. Automatic: While the port is in the unauthorized state, only EAP packets are allowed to pass through and the user cannot access network resources. After the user passes the authentication of the RADIUS server, the port changes to the authorized state and allows the user to access network resources. If the user does not pass the authentication of the RADIUS server, the port remains in the unauthorized state and does not allow the user to access network resources. Forced Authorization: The port is always in the authorized state and allows the user to access network resources without being authenticated. Forced Unauthorization: The port is always in the unauthorized state and does not allow the user to access network resources. Default value: Automatic |
| Control Mode | MAC-Based | Set the 802.1x control mode for a port. MAC-Based: All users connected to the port are authenticated. Only users who pass the authentication are allowed to access network resources. If a user goes offline, only that user loses access to network resources. Port-Based: If the first user on the port passes the authentication, the other users that go online through the port can directly access network resources without being authenticated. The rights of these users are the same as those of the authenticated user. If the authenticated user goes offline, the other users are forced to go offline and cannot use network resources. Default value: MAC-Based |
| Security Mode | Traffic-preferred | Set an 802.1x security policy for a port. Traffic-preferred: During re-authentication, if a user does not receive a response from the RADIUS server, the user remains in the authorized state. Security-preferred: During re-authentication, if a user does not receive a response from the RADIUS server, the user's authorization is revoked. Default value: Traffic-preferred |
| Handshake Enabling | Enable | Set whether to enable 802.1x handshakes for a port. Enable: 802.1x handshakes are enabled. Disable: 802.1x handshakes are disabled. Default value: Enable |
| Handshake Time | 15 | Set the interval at which the port sends handshake packets to a user after the user passes the authentication. The value range is 5 to 1024 (in seconds). |
| Re-authentication Enabling | Disable | Set whether to enable 802.1x re-authentication for a port. Enable: 802.1x re-authentication is enabled. Disable: 802.1x re-authentication is disabled. Default value: Disable |
| Re-authentication Time | 3600 | Set the interval at which a port initiates a re-authentication request to the RADIUS server. The value range is 60 to 7200 (in seconds). |
| Lockout Enabling | Disable | Set whether to enable 802.1x lockout for a port. Enable: 802.1x lockout is enabled. Disable: 802.1x lockout is disabled. Default value: Disable |
| Lockout Time | 60 | Set the duration for which a user is locked out after the user fails to pass the authentication. During the lockout duration, 802.1x authentication requests from the user are not handled. The value range is 1 to 7200 (in seconds). |
| Retransmission Count | 2 | Set the number of 802.1x retransmission times for a port. If the device sends a Request/Identity request packet to the client but does not receive a response within the retransmission time, this parameter specifies the number of times that the device retransmits the packet. The value range is 1 to 10. |
| Retransmission Time | 30 | Set the 802.1x retransmission time for a port. If the device sends a Request/Identity request packet to the client but does not receive a response within the retransmission time, it retransmits the packet. The value range is 1 to 65535 (in seconds). |
| Client Timeout | 30 | Set the client response timeout duration. If the device sends a Request/Identity request packet to the client but does not receive a response within the client response timeout duration, it retransmits the packet. The value range is 1 to 120 (in seconds). |

Procedure

  1. Configure a RADIUS server for 802.1x security authentication.



  2. Configure device port policies for 802.1x security authentication.
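The planned data in Table 1-3 can be checked before it is entered on the device. The following is an added example, not part of the original guide or of any Huawei tool: it validates a plan against the value ranges in the table and reports the option values whose descriptions weaken access control. The dictionary key names and the sample key string are assumptions made for this example.

```python
# Added example: lint a planned 802.1x configuration against Table 1-3.
# Dictionary key names are hypothetical, not the device's own field names.
RANGES = {  # parameter: (min, max) as stated in Table 1-3
    "radius_retransmission_interval": (3, 10),
    "radius_retransmission_count": (1, 5),
    "handshake_time": (5, 1024),
    "reauthentication_time": (60, 7200),
    "lockout_time": (1, 7200),
    "port_retransmission_count": (1, 10),
    "port_retransmission_time": (1, 65535),
    "client_timeout": (1, 120),
}
# Option values whose Table 1-3 descriptions weaken access control
WEAK = {
    ("authentication_mode", "Forced Authorization"): "port is always authorized",
    ("control_mode", "Port-Based"): "only the first user on the port is authenticated",
    ("security_mode", "Traffic-preferred"): "user stays authorized if RADIUS is silent",
    ("reauthentication", "Disable"): "authorized users are never re-authenticated",
    ("lockout", "Disable"): "a user who fails authentication is not locked out",
}

def lint(cfg):
    """Return (errors, warnings) for a planned configuration dict."""
    errors, warnings = [], []
    key_len = len(cfg.get("key", "").encode("utf-8"))  # the table gives the length in bytes
    if not 16 <= key_len <= 128:
        errors.append(f"key: {key_len} bytes, must be 16 to 128")
    for name, (lo, hi) in RANGES.items():
        if name in cfg and not lo <= cfg[name] <= hi:
            errors.append(f"{name}: {cfg[name]} outside {lo} to {hi}")
    for (name, value), why in WEAK.items():
        if cfg.get(name) == value:
            warnings.append(f"{name}={value}: {why}")
    return errors, warnings

# "Value in This Example" column of Table 1-3; the key is a constructed placeholder.
EXAMPLE = {
    "key": "constructed-placeholder-key",
    "radius_retransmission_interval": 3, "radius_retransmission_count": 5,
    "authentication_mode": "Automatic", "control_mode": "MAC-Based",
    "security_mode": "Traffic-preferred", "handshake_time": 15,
    "reauthentication": "Disable", "reauthentication_time": 3600,
    "lockout": "Disable", "lockout_time": 60,
    "port_retransmission_count": 2, "port_retransmission_time": 30,
    "client_timeout": 30,
}
```

Running `lint(EXAMPLE)` on the guide's example values returns no range errors and three warnings, for Traffic-preferred security mode, disabled re-authentication, and disabled lockout.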



Updated: 2019-04-26

Document ID: EDOC1100021621
