How Can I Select 802.1x User Authentication Modes for Different 802.1x Client Software?

7

If the 802.1x client uses the MD5 encryption mode, the user authentication mode on the device can be set to EAP or CHAP; if the 802.1x client uses the PEAP authentication mode, the authentication mode on the device can be set to EAP.

Other related questions:
How to configure local authentication for 802.1x authentication users on S series switches
For S series switches (except the S1700), 802.1x authentication user information (including the user name, password, and other attributes of a local user) for local authentication and authorization is configured on the switches. Local authentication and authorization for 802.1x authentication users feature fast processing and low operation cost, but the amount of information that can be stored is limited by the switch hardware capacity.
Assume that a user connects to GE0/0/1 on a switch and belongs to VLAN 100. After local authentication is configured for the user on the switch, the user can access the network without being authorized. Configure local authentication for an 802.1x authentication user as follows:
1. Create VLAN 100 and add GE0/0/1 to the VLAN.
[HUAWEI] vlan batch 100 
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] port link-type access
[HUAWEI-GigabitEthernet0/0/1] port default vlan 100 
[HUAWEI-GigabitEthernet0/0/1] quit
2. Create a local user and an authentication domain for the local user.
[HUAWEI] aaa     
[HUAWEI-aaa] local-user huawei password cipher hello@123
[HUAWEI-aaa] local-user huawei service-type 8021x
[HUAWEI-aaa] authentication-scheme test
[HUAWEI-aaa-authen-test] authentication-mode local
[HUAWEI-aaa-authen-test] quit
[HUAWEI-aaa] authorization-scheme test
[HUAWEI-aaa-author-test] authorization-mode none
[HUAWEI-aaa-author-test] quit
[HUAWEI-aaa] domain default_admin
[HUAWEI-aaa-domain-default_admin] authentication-scheme test
[HUAWEI-aaa-domain-default_admin] authorization-scheme test
3. Enable 802.1x authentication in the system view and on a specified interface.
a. In common mode (applicable to switches running all versions):
[HUAWEI] undo authentication unified-mode  //Change the NAC mode to common. This step is required only on switches running V200R005C00 and later versions.br>[HUAWEI] quit
<HUAWEI> reboot   //This step is required only on switches running V200R005C00 and later versions.
[HUAWEI] dot1x enable
[HUAWEI] interface gigabitethernet0/0/1
[HUAWEI-GigabitEthernet0/0/1] dot1x enable
[HUAWEI-GigabitEthernet0/0/1] dot1x authentication-method eap
b. In unified mode (applicable to switches running versions from V200R005 to V200R008):
[HUAWEI] authentication unified-mode 
[HUAWEI] interface gigabitethernet0/0/1
[HUAWEI-GigabitEthernet0/0/1] authentication dot1x
[HUAWEI-GigabitEthernet0/0/1] authentication mode multi-authen max-user 100
c. In unified mode (applicable to switches running V200R009 and later versions):
[HUAWEI] dot1x-access-profile name d1
[HUAWEI-dot1x-access-profile-d1] quit
[HUAWEI] authentication-profile name a1
[HUAWEI-authen-profile-a1] dot1x-access-profile d1
[HUAWEI-authen-profile-a1] quit
[HUAWEI] interface gigabitethernet0/0/1
[HUAWEI-GigabitEthernet0/0/1] authentication-profile a1

How to push a web authentication page to an 802.1x authentication user on S series switches
For S series switches (except the S1700), you can push web authentication pages to 802.1x authentication users in URL or URL template mode, which only applies to online users on the fixed switch S5720HI and X series cards of modular switches. The configuration method is as follows: - In URL mode: [HUAWEI] aaa [HUAWEI-aaa] domain huawei //Enter the authentication domain for 802.1x authentication users. [HUAWEI-aaa-domain-huawei] force-push url http://10.1.1.1 //Configure the pushed URL. - In URL template mode: [HUAWEI] url-template name huawei //Configure the URL template. [HUAWEI-url-template-huawei] url http://10.1.1.1 //Configure the pushed URL. [HUAWEI-url-template-huawei] quit [HUAWEI] aaa [HUAWEI-aaa] domain huawei //Enter the authentication domain for 802.1x authentication users. [HUAWEI-aaa-domain-huawei] force-push url-template huawei //Bind the URL template to the authentication domain.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top