ii
4 Troubleshooting AAA································································································································4-1
Troubleshooting RADIUS················································································································4-1
Troubleshooting HWTACACS·········································································································4-2
5 802.1X Configuration·································································································································5-1
802.1X Overview·····································································································································5-1
Architecture of 802.1X·····················································································································5-2
Authentication Modes of 802.1X ·····································································································5-2
Basic Concepts of 802.1X···············································································································5-2
EAP over LAN ·································································································································5-3
EAP over RADIUS···························································································································5-5
802.1X Authentication Triggering····································································································5-5
Authentication Process of 802.1X ···································································································5-6
Features Working Together with 802.1X·························································································5-9
802.1X Configuration ····························································································································5-12
Configuration Prerequisites ···········································································································5-12
802.1X Configuration Task List ·····································································································5-12
Enabling 802.1X on a Port ············································································································5-13
Specifying the Authentication Method of 802.1X Users································································5-14
Specifying the Port Authorization Mode ························································································5-14
Specifying the Access Control Method··························································································5-15
Configuring the Maximum Number of Users Accessible to a Port ················································5-16
Setting the Maximum Number of Attempts for Sending an Authentication Request ····················5-16
Setting 802.1X Timers···················································································································5-17
Configuring the Online User Handshake Function········································································5-18
Enabling the Proxy Detection Function ·························································································5-19
Enabling the Multicast Trigger Function························································································5-20
Enabling the Unicast Trigger Function ··························································································5-20
Specifying a Mandatory Authentication Domain for a Port····························································5-21
Enabling the Quiet Timer···············································································································5-21
Enabling the Re-Authentication Function······················································································5-22
Configuring a Guest VLAN ············································································································5-22
Configuring an Auth-Fail VLAN ·····································································································5-24
Displaying and Maintaining 802.1X·······································································································5-25
802.1X Configuration Examples ···········································································································5-25
802.1X Authentication Configuration Example··············································································5-25
802.1X with Guest VLAN and VLAN Assignment Configuration Example····································5-27
802.1X with ACL Assignment Configuration Example ··································································5-29
6 802.1X-Based EAD Fast Deployment Configuration··············································································6-1
EAD Fast Deployment Overview ············································································································6-1
EAD Fast Deployment Implementation ···························································································6-1
Configuring EAD Fast Deployment·········································································································6-1
Configuration Prerequisites ·············································································································6-2
Configuration Procedure··················································································································6-2
Displaying and Maintaining EAD Fast Deployment ················································································6-3
EAD Fast Deployment Configuration Example·······················································································6-4
