802.1x Configuration 223802.1x Configuration 802.1x provides a solution for authenticating users. To implement this solution,you need to execute 802.1x-related commands. You also need to configure AAAschemes on switches and specify the authentication scheme (RADIUS, HWTACACSor local authentication scheme).Figure 75 802.1x configuration■ 802.1x users use domain names to associate with the ISP domains configuredon switches■ Configure the AAA scheme (a local authentication scheme or a RADIUSscheme) to be adopted in the ISP domain.■ If you specify to adopt a local authentication scheme, you need to configureuser names and passwords manually on the switches. Users can pass theauthentication through 802.1x client if they provide user names and passwordsthat match those configured on the switches.■ If you use the RADIUS scheme, the supplicant systems are authenticated by aremote RADIUS server. In this case, you need to configure the user names andpasswords on the RADIUS server and perform RADIUS client-relatedconfiguration on the switch.■ You can also specify to adopt the RADIUS authentication scheme, with a localauthentication scheme as a backup. In this case, the local authenticationscheme is adopted when the RADIUS server fails.Refer to “AAA Configuration” on page 245 for detailed information about AAAscheme configuration.Basic 802.1xConfigurationConfigurationPrerequisites■ Configure ISP domain and the AAA scheme to be adopted. You can specify aRADIUS scheme, a HWTACACS scheme, or a local scheme.■ Ensure that the service type is configured as lan-access (by using theservice-type command) if local authentication scheme is adopted.Configuring Basic 802.1xFunctionsISP domainconfigurati on AAA sc hemeLocalauthenticati onRADIUSscheme802.1xconfigurati onISP domainconfigurati on AAA sc hemeLocalauthenticati onRADIUSscheme802.1xconfigurati onTable 162 Configure basic 802.1x functionsOperation Command RemarksEnter system view system-view -Enable 802.1x globally dot1x RequiredBy default, 802.1x is disabledglobally.