Operation Manual – 802.1x and System GuardH3C S5600 Series Ethernet Switches Chapter 1 802.1x Configuration1-15Note:802.1x re-authentication will fail if a CAMS server is used and configured to performauthentication but not accounting. This is because a CAMS server establishes a usersession after it begins to perform accounting. Therefore, to enable 802.1xre-authentication, do not configure the accounting none command in the domain. Thisrestriction does not apply to other types of servers.1.2 Introduction to 802.1x Configuration802.1x provides a solution for authenticating users. To implement this solution, youneed to execute 802.1x-related commands. You also need to configure AAA schemeson switches and specify the authentication scheme (RADIUS or local authenticationscheme).ISP domainconfiguration AAA schemeLocalauthenticationRADIUSscheme802.1xconfigurationISP domainconfiguration AAA schemeLocalauthenticationRADIUSscheme802.1xconfigurationFigure 1-11 802.1x configurationz 802.1x users use domain names to associate with the ISP domains configured onswitchesz Configure the AAA scheme (a local authentication scheme or a RADIUS scheme)to be adopted in the ISP domain.z If you specify to use a local authentication scheme, you need to configure the usernames and passwords manually on the switch. Users can pass the authenticationthrough 802.1x client if they provide user names and passwords that match thoseconfigured on the switch.z If you specify to adopt the RADIUS scheme, the supplicant systems areauthenticated by a remote RADIUS server. In this case, you need to configureuser names and passwords on the RADIUS server and perform RADIUSclient-related configuration on the switches.z You can also specify to adopt the RADIUS authentication scheme, with a localauthentication scheme as a backup. In this case, the local authentication schemeis adopted when the RADIUS server fails.Refer to the AAA Operation for detailed information about AAA scheme configuration.