1740 CHAPTER 92: 802.1X CONFIGURATIONConfiguring 802.1xConfigurationPrerequisites802.1x provides a user identity authentication scheme. However, 802.1x cannotimplement the authentication scheme solely by itself. RADIUS or localauthentication must be configured to work with 802.1x.■ Configure the ISP domain to which the 802.1x user belongs and the AAAscheme to be used (that is, local authentication or RADIUS).■ For remote RADIUS authentication, the username and password informationmust be configured on the RADIUS server.■ For local authentication, the username and password information must beconfigured on the authenticator and the service type must be set tolan-access.For detailed configuration of the RADIUS client, refer to “Configuring RADIUS” onpage 1769.Configuring 802.1xGloballyFollow these steps to configure 802.1x globally:To do... Use the command... RemarksEnter system view system-view -Enable 802.1x globally dot1x RequiredDisabled by defaultSet the authentication method dot1xauthentication-method{ chap | eap | pap }OptionalCHAP by defaultSet the portaccess controlparametersSet the portaccess controlmode forspecified or allportsdot1x port-control{ authorized-force | auto |unauthorized-force }[ interface interface-list ]Optionalauto by defaultSet the portaccess controlmethod forspecified or allportsdot1x port-method{ macbased | portbased }[ interface interface-list ]Optionalmacbased by defaultSet themaximumnumber ofusers forspecified or allportsdot1x max-useruser-number [ interfaceinterface-list ]OptionalThe default varies by device.Set the maximum number ofattempts to send anauthentication request to asupplicantdot1x retry max-retry-value Optional2 by default