Operation Manual – 802.1x-HABP-MAC AuthenticationH3C S3610&S5510 Series Ethernet Switches Chapter 1 802.1x Configuration1-17Note that:z The 802.1x proxy detection function depends on the online user handshakefunction. Be sure to enable handshake before enabling proxy detection and todisable proxy detection before disabling handshake.z You can neither add an 802.1x-enabled port into an aggregation group nor enable802.1x on a port being a member of an aggregation group.z Once enabled with the 802.1x multicast trigger function, a port sends multicasttrigger messages to the client periodically to initiate authentication.z For a user-side device sending untagged traffic, the voice VLAN function and8021.x are mutually exclusive and cannot be configured together on the same port.For details about voice VLAN, refer to VLAN Configuration.z In EAP relay authentication mode, the authenticator encapsulates the 802.1x userinformation in the EAP attributes of RADIUS packets and sends the packets to theRADIUS server for authentication. In this case, you can configure theuser-name-format command but it does not take effect. For information about theuser-name-format command, refer to AAA RADIUS HWTACACS Commands.z If the username of a supplicant contains the version number or one or more blankspaces, you can neither retrieve information nor disconnect the supplicant byusing the username. However, you can use items such as IP address andconnection index number to do so.1.3 Configuring a Guest VLAN1.3.1 Configuration Prerequisitesz Enable 802.1xz Set the port access control method to portbased for the portz Set the port access control mode to auto for the portz Create the VLAN to be specified as the guest VLAN1.3.2 Configuration ProcedureFollow these steps to configure Guest VLAN:To do… Use the command… RemarksEnter system view system-view —dot1x guest-vlan vlan-id [ interfaceinterface-list ]Configure the guestVLAN for specifiedor all ports Or in Ethernet interface viewinterface interface-type interface-numberdot1x guest-vlan vlan-idRequiredBy default, aport isconfigured withno guest VLAN.
