68Configuring 802.1XThis chapter describes how to configure 802.1X on an H3C device. You can also configure the portsecurity feature to perform 802.1X. Port security combines and extends 802.1X and MAC authentication.It applies to a network, a WLAN, for example, that requires different authentication methods for differentusers on a port. It is described in "Configuring port security."H3C implementation of 802.1XH3C implements port-based access control as defined in the 802.1X protocol, and extends the protocolto support MAC-based access control.• Port-based access control—Once an 802.1X user passes authentication on a port, any subsequentuser can access the network through the port without authentication. When the authenticated userlogs off, all other users are logged off.• MAC-based access control—Each user is separately authenticated on a port. When a user logs off,no other online users are affected.Configuration prerequisites• Configure an ISP domain and AAA scheme (local or RADIUS authentication) for 802.1X users.• If RADIUS authentication is used, create user accounts on the RADIUS server.• If local authentication is used, create local user accounts on the access device and set the servicetype to lan-access.802.1X configuration task listTasks at a glance(Required.) Enabling 802.1X(Required.) Enabling EAP relay or EAP termination(Optional.) Setting the port authorization state(Optional.) Specifying an access control method(Optional.) Setting the maximum number of concurrent 802.1X users on a port(Optional.) Setting the maximum number of authentication request attempts(Optional.) Setting the 802.1X authentication timeout timers(Optional.) Configuring the online user handshake function(Optional.) Configuring the authentication trigger function(Optional.) Specifying a mandatory authentication domain on a port(Optional.) Configuring the quiet timer