How to configure local 802.1x authentication

In local authentication and authorization, user information including the local user name, password, and attributes is configured on an AR. In this mode, the AR provides fast processing and low operation cost, whereas the amount of information that can be stored is limited by the AR hardware capacity.
An example is used here to describe local 802.1x authentication. Assume that a user connects to GE1/0/0 on an AR and belongs to VLAN 100. Local authentication is used, and the user can access the Internet without authorization.
1. Create VLAN 100 and add GE1/0/0 to VLAN 100.
[Huawei] vlan batch 100
[Huawei] interface gigabitethernet 1/0/0
[Huawei-GigabitEthernet1/0/0] port link-type access
[Huawei-GigabitEthernet1/0/0] port default vlan 100
[Huawei-GigabitEthernet1/0/0] quit
2. Configure a local user, AAA schemes, and AAA domain.
[Huawei]aaa
[Huawei-aaa] local-user huawei password cipher hello@123
[Huawei-aaa] local-user huawei service-type 8021x
[Huawei-aaa] authentication-scheme test
[Huawei-aaa-authen-test] authentication-mode local
[Huawei-aaa-authen-test] quit
[Huawei-aaa] authorization-scheme test
[Huawei-aaa-author-test] authorization-mode none
[Huawei-aaa-author-test] quit
[Huawei-aaa] domain default_admin
[Huawei-aaa-domain-default_admin] authentication-scheme test
[Huawei-aaa-domain-default_admin] authorization-scheme test
3. Enable 802.1x authentication globally and on an interface.
[Huawei] dot1x enable
[Huawei] interface gigabitethernet1/0/0
[Huawei-GigabitEthernet1/0/0] dot1x enable

Scroll to top