69Tasks at a glance(Optional.) Enabling the periodic online user re-authentication functionEnabling 802.1XFollow the guideline when you enable 802.1X:• Do not enable 802.1X on a port that is in a link aggregation or service loopback group.To enable 802.1X:Step Command Remarks1. Enter system view. system-view N/A2. Enable 802.1X globally. dot1x By default, 802.1X is disabledglobally.3. Enter Ethernet interfaceview. interface interface-type interface-number N/A4. Enable 802.1X on a port. dot1x By default, 802.1X is disabledon a port.Enabling EAP relay or EAP terminationWhen configuring EAP relay or EAP termination, consider the following factors:• Support of the RADIUS server for EAP packets• Authentication methods supported by the 802.1X client and the RADIUS serverIf the client is using only MD5-Challenge EAP authentication or the "username + password" EAPauthentication initiated by an H3C iNode 802.1X client, you can use both EAP termination and EAP relay.To use EAP-TL, PEAP, or any other EAP authentication methods, you must use EAP relay. When you makeyour decision, see "Comparing EAP relay and EAP termination" for help.For more information about EAP relay and EAP termination, see "802.1X authentication procedures."To configure EAP relay or EAP termination:Step Command Remarks1. Enter systemview. system-view N/A2. Configure EAPrelay or EAPtermination.dot1x authentication-method{ chap | eap | pap }By default, the network access device performs EAPtermination and uses CHAP to communicate with theRADIUS server.Specify the eap keyword to enable EAP termination.Specify the chap or pap keyword to enableCHAP-enabled or PAP-enabled EAP relay.