Operation Manual – 802.1xH3C S7500 Series Ethernet Switches Chapter 1 802.1x Configuration1-12With the Guest VLAN function enabled, supplicant systems that do not have 802.1xclient installed can access specific network resources. They can also upgrade their802.1x clients without being authenticated.With this function enabled:z The switch multicasts trigger packets to all 802.1x-enabled ports.z If some port still does not send any response packet after the retry times reachesthe maximum value, the switch will add the port into the Guest VLAN.z Users belonging to the Guest VLAN can access the resources of the Guest VLANwithout being authenticated. But they need to be authenticated before accessingexternal resources.Normally, the Guest VLAN function is coupled with the dynamic VLAN assignmentfunction.For detailed information about dynamic VLAN assignment function, Refer toAAA-RADIUS-HWTACACS-EAD Operation Manual .1.2 802.1x Configuration802.1x provides a solution for authenticating users. To implement this solution, youneed to execute 802.1x-related commands. You also need to configure AAA schemeson switches and to specify the authentication scheme (RADIUS authentication schemeor local authentication scheme).ISP domainconfigurati on AAA sc hemeLocalaut henticati on802.1xconfigurati onISP domainconfigurati on AAA sc hemeLocalaut henticati onRADIUSschemeRADIUSscheme802.1xconfigurati onFigure 1-10 802.1x configurationz 802.1x users use domain names to associate with the ISP domains configured onswitches.z An AAA scheme (a local authentication scheme or the RADIUS scheme) isconfigured for the ISP domain.z If you specify to use the RADIUS scheme, that is to say the supplicant systems areauthenticated by a remote RADIUS server, you need to configure the related usernames and passwords on the RADIUS server and perform RADIUS client-relatedconfiguration on the switches.z If you specify to adopt a local authentication scheme, you need to configure usernames and passwords manually on the switches. Users can pass theauthentication through the 802.1x client if they provide the user names andpasswords that match with those stored in the switches.