Is an 802.1x client available on an S series switch

1

During 802.1x authentication, you need to install 802.1x client software on an S series switch (a non-S1700 switch) that functions as a network control point to control terminal users' network access rights. It is recommended that you use the built-in 802.1x client on the Windows 7 operating system. You can search for details about how to start and user the 802.1x client at Google.

Other related questions:
Clients pass 802.1x authentication on an S series switch, and are disconnected after 10 seconds
For S series switches except S1700 switches, if handshake with online 802.1x users is enabled on a switch, the switch sends handshake packets to a client after the client is authenticated. If the client does not respond to the handshake packets, the switch forces the client offline. The client goes offline 10 seconds after it is authenticated. This may be caused by a handshake failure. In this case, run the undo dot1x handshake command in the system view to disable the handshake function.

802.1x remote authentication on S series switch
In 802.1x remote authentication and authorization, user information (including the user name, password and attributes) is configured on the remote AAA server. 802.1x remote authentication and authorization feature high network security. S series switches (except S1700 switches) running V200R003C10 or an earlier version supports only traditional NAC configuration. Switches running V200R005C00 or a later version support both traditional and unified NAC configuration. By default, unified NAC configuration is used. 802.1x remote authentication also supports traditional and unified modes. 802.1x remote authentication configuration is the same on all switch models: - For the traditional 802.1x remote authentication configuration, see "Example for Configuring 802.1x Authentication to Control Internal User Access" in "Configuring NAC (Common Mode)" of Typical Configuration Examples. - For the unified 802.1x remote authentication configuration, see "Example for Configuring 802.1x Authentication to Control Internal User Access" in "Configuring NAC (Unified Mode)" of Typical Configuration Examples.

S series switch models
S series switches include the following series: S1700, S2700, S3700, S5700, S6700, S9300, S7700, S9700, and S12700 series. You can find the specific models of each series in the hardware query tool or hardware description manual. To query specific models of S series switches, click Hardware Query. To obtain S1700 product description, click S1700 Managed Switch Product Description. To obtain S2700 hardware description, click S2700 Hardware Description. To obtain S3700 hardware description, click S3700 Hardware Description. To obtain S5700 hardware description, click S5700 Hardware Description. To obtain S6700 hardware description, click S6700 Hardware Description. To obtain S9300 hardware description, click S9300&S9300E Hardware Description. To obtain S7700 hardware description, click S7700 Hardware Description. To obtain S9700 hardware description, click S9700 Hardware Description. To obtain S12700 hardware description, click S12700 Hardware Description.

802.1x local authentication configuration on S series switch
For S series switches except S1700 switches, in 802.1x local authentication and authorization, user information (including the local user name, password, and attributes) is configured on the switch. 802.1x local authentication and authorization feature fast processing and low operation cost, whereas the amount of information that can be stored is limited by the switch hardware capacity.
Assume that the user connects to GE0/0/1 of the switch and belongs to VLAN 100. In addition, the user uses local authentication and can connect to the network without authorization. Configure 802.1x local authentication as follows:
1. Create VLAN 100, and add interface GE0/0/1 to this VLAN.
[HUAWEI] vlan 100 
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port link-type access
[HUAWEI-GigabitEthernet0/0/1] port default vlan 100 
[HUAWEI-GigabitEthernet0/0/1] quit
2. Configure the local user and the authentication domain of the user.
[HUAWEI] aaa     
[HUAWEI-aaa] local-user huawei password cipher hello@123
[HUAWEI-aaa] local-user huawei service-type 8021x
[HUAWEI-aaa] authentication-scheme test
[HUAWEI-aaa-authen-test] authentication-mode local
[HUAWEI-aaa-authen-test] quit
[HUAWEI-aaa] authorization-scheme test
[HUAWEI-aaa-author-test] authorization-mode none
[HUAWEI-aaa-author-test] quit
[HUAWEI-aaa] domain default_admin
[HUAWEI-aaa-domain-default_admin] authentication-scheme test
[HUAWEI-aaa-domain-default_admin] authorization-scheme test
3. Enable 802.1x  authentication globally and on a specified interface.
a. Traditional mode (applicable to all versions)
[HUAWEI] undo authentication unified-mode  //Switch to the traditional mode (This configuration applies only to V200R005C00 and later versions.)
[HUAWEI] quit
<HUAWEI> reboot   //This configuration applies only to V200R005C00 and later versions.
[HUAWEI] dot1x enable
[HUAWEI] interface gigabitethernet0/0/1
[HUAWEI-GigabitEthernet0/0/1] dot1x enable
[HUAWEI-GigabitEthernet0/0/1] dot1x authentication-method eap
b. Unified mode (applicable to V200R005C00 and later versions)
[HUAWEI] authentication unified-mode 
[HUAWEI] interface gigabitethernet0/0/1
[HUAWEI-GigabitEthernet0/0/1] authentication dot1x
[HUAWEI-GigabitEthernet0/0/1] authentication mode multi-authen max-user 100

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top