Configure 802.1X Device Authentication
Configuration Condition
None
Enable the Authentication Function of 802.1X Device
For 802.1X device authentication to take effect on the authentication device, you must enable both 802.1X authentication and 802.1X device authentication. Once device authentication takes effect, the port on the authentication device that connects to the access device becomes a controlled port. After device authentication succeeds, the authentication device enables the controlled port, and the access device connects to the network.
Table 14–6 Enable the authentication function of the 802.1X device
| Step | Command | Description |
|---|---|---|
| Enter global configuration mode | configure terminal | - |
| Enter the L2 Ethernet interface configuration mode | interface interface-name | Either. After entering the L2 Ethernet interface configuration mode, the subsequent configuration can only take effect on the current interface. After entering the aggregation group configuration mode, the subsequent configuration can only take effect on the aggregation group. |
| Enter the aggregation group configuration mode | interface link-aggregation link-aggregation-id | Either (same description as the previous step) |
| Enable the 802.1X authentication | dot1x port-control { enable \| disable } | Mandatory. By default, the 802.1X authentication function in one port is disabled. |
| Enable the 802.1X device authentication | dot1x device-auth { enable \| disable } | Mandatory. By default, the 802.1X device authentication function in one port is disabled. |
- You cannot enable 802.1X device authentication and MAC address authentication on one port at the same time.
- You cannot enable 802.1X device authentication and secure channel authentication on one port at the same time.
Configure Keepalive Period of 802.1X Device Authentication
To detect whether the access device is still online, the authentication device delivers the configured 802.1X device authentication keepalive period to the access device after authentication succeeds, and the access device initiates keepalive authentication at that interval. If the authentication device does not receive a keepalive authentication from the access device within three times the keepalive period, it regards the access device as offline and changes the port status to the controlled state.
Table 14–7 Configure the keepalive period of the 802.1X device authentication
| Step | Command | Description |
|---|---|---|
| Enter global configuration mode | configure terminal | - |
| Enter the L2 Ethernet interface configuration mode | interface interface-name | Either. After entering the L2 Ethernet interface configuration mode, the subsequent configuration can only take effect on the current interface. After entering the aggregation group configuration mode, the subsequent configuration can only take effect on the aggregation group. |
| Enter the aggregation group configuration mode | interface link-aggregation link-aggregation-id | Either (same description as the previous step) |
| Configure the keepalive period of the 802.1X device authentication | dot1x device-auth keepalive period-value | Mandatory. By default, the keepalive period of the 802.1X device authentication in one port is 600s. |
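The following audit script is an added example, not part of the vendor documentation. It checks a saved configuration for ports where device authentication is enabled without 802.1X authentication (so it does not take effect) and computes how long a silent access device stays admitted, using the three-period rule described above. The stanza layout, the interface names, and the reading of period-value as seconds are assumptions.

```python
import re

DEFAULT_KEEPALIVE_S = 600   # default keepalive period stated in the manual
MISSED_PERIODS = 3          # port returns to controlled state after three silent periods

# Constructed sample; stanza layout and interface names are assumptions.
SAMPLE_CONFIG = """\
interface gigabitethernet 0/1
 dot1x port-control enable
 dot1x device-auth enable
 dot1x device-auth keepalive 120
interface gigabitethernet 0/2
 dot1x device-auth enable
interface link-aggregation 1
 dot1x port-control enable
 dot1x device-auth enable
"""

def parse_interfaces(text):
    """Return {interface name: [dot1x command lines]} from stanza-style config."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line[len("interface "):]
            stanzas[current] = []
        elif current is not None and line.startswith("dot1x "):
            stanzas[current].append(line)
    return stanzas

def audit(text):
    """Per interface: is device authentication effective, and what is its timeout?"""
    report = {}
    for name, cmds in parse_interfaces(text).items():
        port_control = "dot1x port-control enable" in cmds
        device_auth = "dot1x device-auth enable" in cmds
        keepalive = DEFAULT_KEEPALIVE_S
        for cmd in cmds:
            m = re.fullmatch(r"dot1x device-auth keepalive (\d+)", cmd)
            if m:
                keepalive = int(m.group(1))
        effective = port_control and device_auth   # both commands are mandatory
        report[name] = {
            "effective": effective,
            "misconfigured": device_auth and not port_control,
            "offline_after_s": MISSED_PERIODS * keepalive if effective else None,
        }
    return report
```

With the default 600s period, an access device that stops responding is only detected after 1800 seconds, which is the window to weigh when choosing a shorter keepalive value.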