Configure Trusted Device Access
Configuration Condition
None
Configure User Name and Password of Trusted Device Access
To connect the access device to the network successfully, configure the user name and password of the trusted device access on the port connected to the authentication device. The configured user name and password are sent to the authentication device for authentication, as the authentication credential of the access device, via the 802.1X protocol (MD5-Challenge mode).
Table 14–2 Configure the user name and password of the trusted device access
| Step | Command | Description |
|---|---|---|
| Enter global configuration mode | configure terminal | - |
| Enter the L2 Ethernet interface configuration mode | interface interface-name | Either. After entering the L2 Ethernet interface configuration mode, the subsequent configuration can only take effect on the current interface. |
| Enter the aggregation group configuration mode | interface link-aggregation link-aggregation-id | Either. After entering the aggregation group configuration mode, the subsequent configuration can only take effect on the aggregation group. |
| Configure the user name and password of the trusted device access | dot1x client user username password 0 password | Mandatory. By default, the port is not configured with the user name or password of the trusted device access. |

- On one port, you can configure only one user name and password for the device access. A new user name and password overwrite the original user name and password on that port.
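
The MD5-Challenge exchange that carries the configured user name and password, as an added Python example (not vendor code and not from the original page). Packet layout follows RFC 3748 and RFC 1994; the user name, password, identifier and challenge are constructed sample values. In this mode the response carries the user name and an MD5 digest computed over the password, and the verifying side recomputes that digest.

```python
import hashlib
import hmac
import struct

EAP_REQUEST, EAP_RESPONSE, TYPE_MD5 = 1, 2, 4  # RFC 3748 codes and type

def build(code: int, identifier: int, value: bytes, name: bytes = b"") -> bytes:
    """EAP packet: Code, Identifier, Length, Type=4, Value-Size, Value, Name."""
    data = bytes([TYPE_MD5, len(value)]) + value + name
    return struct.pack("!BBH", code, identifier, 4 + len(data)) + data

def parse(packet: bytes):
    """Return (code, identifier, value, name); reject malformed packets."""
    if len(packet) < 6:
        raise ValueError("truncated EAP packet")
    code, identifier, length = struct.unpack("!BBH", packet[:4])
    if length > len(packet) or packet[4] != TYPE_MD5:
        raise ValueError("not an EAP MD5-Challenge packet")
    size = packet[5]
    if 6 + size > length:
        raise ValueError("Value-Size exceeds packet length")
    return code, identifier, packet[6:6 + size], packet[6 + size:length]

def md5_response(identifier: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994 response value: MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([identifier]) + password + challenge).digest()

def supplicant_answer(request: bytes, username: bytes, password: bytes) -> bytes:
    """Access-device side: answer an EAP-Request/MD5-Challenge."""
    code, identifier, challenge, _ = parse(request)
    if code != EAP_REQUEST:
        raise ValueError("expected an EAP-Request")
    digest = md5_response(identifier, password, challenge)
    return build(EAP_RESPONSE, identifier, digest, username)

def authenticator_verify(request: bytes, response: bytes, password: bytes) -> bool:
    """Authentication side: recompute the digest, compare in constant time."""
    _, req_id, challenge, _ = parse(request)
    code, resp_id, digest, _ = parse(response)
    if code != EAP_RESPONSE or resp_id != req_id:
        return False
    return hmac.compare_digest(digest, md5_response(req_id, password, challenge))

# Constructed sample values (assumptions, not from the page).
USERNAME, PASSWORD = b"switch-01", b"example-password"
REQUEST = build(EAP_REQUEST, 7, bytes(range(16)))
RESPONSE = supplicant_answer(REQUEST, USERNAME, PASSWORD)
```

Both ends must hold the same password for the digest to match. RFC 3748 lists MD5-Challenge as providing no mutual authentication and no key derivation, so the strength of the configured password matters.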
Configure Access User Name Format of Trusted Device
802.1X authentication determines whether the peer initiating the authentication is a device or a terminal by whether the EAP-Response/Identity protocol packet carries the device ID. When the access user name of the trusted device on a port carries the device ID, the authentication initiated by the port is 802.1X device authentication. When the access user name of the trusted device on a port does not carry the device ID, the authentication initiated by the port is 802.1X terminal authentication.
Table 14–3 Configure the user name format of the trusted device access
| Step | Command | Description |
|---|---|---|
| Enter global configuration mode | configure terminal | - |
| Enter the L2 Ethernet interface configuration mode | interface interface-name | Either. After entering the L2 Ethernet interface configuration mode, the subsequent configuration can only take effect on the current interface. |
| Enter the aggregation group configuration mode | interface link-aggregation link-aggregation-id | Either. After entering the aggregation group configuration mode, the subsequent configuration can only take effect on the aggregation group. |
| Configure the user name format of the trusted device access | dot1x client user-name-format { with-dev-flag \| without-dev-flag } | Mandatory. By default, the user name of the trusted device access in the port carries the device ID. |

Configure Trigger Period of Trusted Device Access
Before passing the authentication, the accessed device actively sends the EAPoL-Start packet at the configured access trigger period to perform 802.1X device authentication, ensuring that the accessed device can connect to the network quickly.
Table 14–4 Configure the trigger period of the trusted device access
| Step | Command | Description |
|---|---|---|
| Enter global configuration mode | configure terminal | - |
| Enter the L2 Ethernet interface configuration mode | interface interface-name | Either. After entering the L2 Ethernet interface configuration mode, the subsequent configuration can only take effect on the current interface. |
| Enter the aggregation group configuration mode | interface link-aggregation link-aggregation-id | Either. After entering the aggregation group configuration mode, the subsequent configuration can only take effect on the aggregation group. |
| Configure the trigger period of the trusted device access | dot1x client auth-interval interval-value | Mandatory. By default, the trigger period of the trusted device access in the port is 15s. |

Enable Access Function of Trusted Device
After the access function of the device is enabled, the accessed device actively performs 802.1X device authentication until it passes the authentication. After the 802.1X device authentication is passed, the authentication device enables the controlled port, and the accessed device successfully connects to the network.
Table 14–5 Enable the access function of the trusted device
| Step | Command | Description |
|---|---|---|
| Enter global configuration mode | configure terminal | - |
| Enter the L2 Ethernet interface configuration mode | interface interface-name | Either. After entering the L2 Ethernet interface configuration mode, the subsequent configuration can only take effect on the current interface. |
| Enter the aggregation group configuration mode | interface link-aggregation link-aggregation-id | Either. After entering the aggregation group configuration mode, the subsequent configuration can only take effect on the aggregation group. |
| Enable the access function of the trusted device | dot1x client { enable \| disable } | Mandatory. By default, the access function of the trusted device in the port is disabled. |

- You cannot enable the access function and 802.1X authentication function of the trusted device on one port at the same time.
- You cannot enable the access function and MAC address authentication function of the trusted device on one port at the same time.
- You cannot enable the access function and secure channel authentication function of the trusted device on one port at the same time.