Operation Manual – 802.1x-HABP-MAC AuthenticationH3C S5500-EI Series Ethernet Switches Chapter 1 802.1x Configuration1-141.2 Configuring 802.1x1.2.1 Configuration Prerequisites802.1x provides a user identity authentication scheme. However, 802.1x cannotimplement the authentication scheme solely by itself. RADIUS or local authenticationmust be configured to work with 802.1x.z Configure the ISP domain to which the 802.1x user belongs and the AAA schemeto be used (that is, local authentication or RADIUS).z For remote RADIUS authentication, the username and password information mustbe configured on the RADIUS server.z For local authentication, the username and password information must beconfigured on the authenticator and the service type must be set to lan-access.For detailed configuration of the RADIUS client, refer to AAA RADIUS HWTACACSConfiguration.1.2.2 Configuring 802.1x GloballyFollow these steps to configure 802.1x globally:To do… Use the command… RemarksEnter system view system-view —Enable 802.1x globally dot1x RequiredDisabled by defaultSet the authenticationmethoddot1xauthentication-method{ chap | eap | pap }OptionalCHAP by defaultSet the portaccesscontrolmode forspecified orall portsdot1x port-control{ authorized-force | auto| unauthorized-force }[ interface interface-list ]Optionalauto by defaultSet the portaccesscontrolmethod forspecified orall portsdot1x port-method{ macbased |portbased } [ interfaceinterface-list ]Optionalmacbased by defaultSet the portaccesscontrolparametersSet themaximumnumber ofusers forspecified orall portsdot1x max-useruser-number [ interfaceinterface-list ]OptionalBy default, the maximumnumber of concurrentusers accessing a port is256.