Hà Nội: NTT03, Line 1, Thống Nhất Complex, 82 Nguyễn Tuân, Thanh Xuân, Hà Nội. ● HCM: Số 31B, Đường 1, Phường An Phú, Quận 2 (Thủ Đức), TP HCM. ===> Đơn Vị Hàng Đầu Trong Lĩnh Vực Cung Cấp Thiết Bị Security - Network - Wifi - CCTV - Conference - Máy chủ Server - Lưu trữ Storge.
Danh mục sản phẩm

Configure Trusted Device Access

Configuration Condition

None

Configure User Name and Password of Trusted Device Access

To connect the access device to the network successfully, you need to configure the user name and password of the trusted device access on the port connected to the authentication device. The configured user name and password are sent to the authentication device for authentication as the authentication credential of the access device via the 802.1X protocol (MD5-Challenge mode)

Table 14–2 Configure the user name and password of the trusted device access

Step

Command

Description

Enter global configuration mode

configure terminal

-

Enter the L2 Ethernet interface configuration mode

interface interface-name

Either

After entering the L2 Ethernet interface configuration mode, the subsequent configuration can only take effect on the current interface. After entering the aggregation group configuration mode, the subsequent configuration can only take effect on the aggregation group.

Enter the aggregation group configuration mode

interface link-aggregation link-aggregation-id

Configure the user name and password of the trusted device access

dot1x client user username password 0 password

Mandatory

By default, the port is not configured with the user name or password of the trusted device access.

note


  • In one port, you can only configure one user name and password for the device access. In one port, the new user name and password will cover the original user name and password in the port.

Configure Access User Name Format of Trusted Device

802.1X authentication determines whether the peer initiating the authentication is a device or a terminal by whether the protocol packet EAP-Response/Identity carries the device ID. When the access user name of the trusted device in one port carries the device ID, the authentication initiated by the port is the 802.1X device authentication. When the access user name of the trusted device in one port does not carry the device ID, the authentication initiated by the port is the 802.1X terminal authentication.

Table 14–3 Configure the user name format of the trusted device access

Step

Command

Description

Enter global configuration mode

configure terminal

-

Enter the L2 Ethernet interface configuration mode

interface interface-name

Either

After entering the L2 Ethernet interface configuration mode, the subsequent configuration can only take effect on the current interface. After entering the aggregation group configuration mode, the subsequent configuration can only take effect on the aggregation group.

Enter the aggregation group configuration mode

interface link-aggregation link-aggregation-id

Configure the user name format of the trusted device access

dot1x client user-name-format { with-dev-flag | without-dev-flag }

Mandatory

By default, the user name of the trusted device access in the port carries the device ID.

Configure Trigger Period of Trusted Device Access

Before passing the authentication, the accessed device actively initiates the EAPoL-Start packet to perform the 802.1X device authentication according to the configured access trigger period, ensuring that the accessed device can connect the network fast.

Table 14–4 Configure the trigger period of the trusted device access

Step

Command

Description

Enter global configuration mode

configure terminal

-

Enter the L2 Ethernet interface configuration mode

interface interface-name

Either

After entering the L2 Ethernet interface

Enter the aggregation group configuration mode

interface link-aggregation link-aggregation-id

configuration mode, the subsequent configuration can only take effect on the current interface. After entering the aggregation group configuration mode, the subsequent configuration can only take effect on the aggregation group.

Configure the trigger period of the trusted device access

dot1x client auth-interval interval-value

Mandatory

By default, the trigger period of the trusted device access in the port is 15s.

Enable Access Function of Trusted Device

After enabling the access function of the device, the accessed device actively performs the 802.1X device authentication before passing the authentication. After passing the 802.1X device authentication, the authenticated device enables the controlled port, and the accessed device successfully connects the network.

Table 14–5 Enable the access function of the trusted device

Step

Command

Description

Enter global configuration mode

configure terminal

-

Enter the L2 Ethernet interface configuration mode

interface interface-name

Either

After entering the L2 Ethernet interface configuration mode, the subsequent configuration can only take effect on the current interface. After entering the aggregation group configuration mode, the subsequent configuration can only take effect on the aggregation group.

Enter     the              aggregation group configuration mode

interface link-aggregation link-aggregation-id

Enable the access function of the trusted device

dot1x client { enable | disable }

Mandatory

By default, the access function of the trusted device in the port is disabled.

note


  • You cannot enable the access function and 802.1X authentication function of the trusted device on one port at the same time.
  • You cannot enable the access function and MAC address authentication function of the trusted device on one port at the same time.
  • You cannot enable the access function and secure channel authentication function of the trusted device on one port at the same time.