Configuring 802.1X
This section describes how to configure 802.1X.
Creating an 802.1X Rule
To create an 802.1X rule, take the following steps:
- On the Navigation pane, click Configure > Network > 802.1X to visit the 802.1X page.
- Click New.
- On the Basic tab in the Configuring 802.1X dialog, configure the 802.1X basic options.
  - Interface: Specifies the 802.1X authentication interface. The interface should be a Layer 2 interface or a VLAN.
  - AAA server: Specifies the AAA server to use as the 802.1X authentication server. Select an existing server, or click New AAA in the drop-down list to create one. The system supports the local authentication server and RADIUS servers.
  - Access mode: Specifies the access control method for the 802.1X interface.
    - Port - Once any one client under the port is authenticated, all other clients under that port can access the network without authentication.
    - MAC - Every client under the port must be authenticated before it can access network resources.
- On the Advanced tab, configure the 802.1X advanced options.
  - Port authorized: Selects the authorization behavior of the 802.1X authentication port.
    - Auto - This is the default setting. In this mode, the authenticator decides whether the client can access the network according to the result of 802.1X authentication.
    - Force-unauthorized - In this mode, the port is always in the unauthorized state, and any client attempting to connect will fail.
  - Re-Auth period: Specifies the interval for re-authenticating clients. The value range is 0 to 65535 seconds. The default value is 3600. The value 0 disables re-authentication.
  - Quiet period: Specifies the quiet time. If authentication fails, the authenticator remains idle for this period before it resumes processing requests from the same client. The value range is 0 to 65535 seconds. The default value is 60. The value 0 means the system keeps processing requests from the same client with no idle period.
  - Retry times: Specifies the number of retries. If the authenticator sends an authentication request frame to the client and receives no response within a period of time, it resends the request until the number of retry times is exceeded, and then gives up. The value range is 1 to 10 times. The default value is 2.
  - Server timeout: Specifies how long to wait for a response from the authentication server. The value range is 1 to 65535 seconds. The default value is 30.
  - Client timeout: Specifies how long to wait for a response from the client. The value range is 1 to 65535 seconds. The default value is 30.
- Click OK to save your settings.
Editing an 802.1X Rule
To edit an 802.1X rule, take the following steps:
- On the Navigation pane, click Configure > Network > 802.1X to visit the 802.1X page.
- Select the rule you want to edit from the list, and click Edit.
- In the Configuring 802.1X dialog, modify the settings as needed.
- Click OK to save your changes.
Deleting an 802.1X Rule
To delete an 802.1X rule, take the following steps:
- On the Navigation pane, click Configure > Network > 802.1X to visit the 802.1X page.
- Select the rule you want to delete from the list, and click Delete.
Configuring 802.1X Global Parameters
To configure 802.1X global parameters, take the following steps:
- On the Navigation pane, click Configure > Network > 802.1X to visit the 802.1X page.
- On the Task tab in the right auxiliary pane, configure the following options:
  - Max user number: Specifies the maximum number of clients that are allowed to connect to the port simultaneously. The value range is 1 to 400. The default value varies by platform.
  - Multiple login: Configures the Multiple Login function. Select Disable or Enable from the Multiple login drop-down list.
    - Disable - If selected, only one client is allowed to log in.
      - Replace the existing login sessions - A user who is already logged in is kicked out when the same user logs in later. The system automatically cuts the connection of the earlier login.
      - Refuse new login - The same user is prohibited from logging in again.
    - Enable - If selected, multiple clients can be logged in with the same username simultaneously. You can specify how many times the same username can be used to log in in the Concurrent login number section.
      - Unlimited - The system does not limit how many times a client can log in using one username at the same time.
      - Max number - Type the maximum value into the box. The value range is 2 to 1000 times. The default value is 100.
  - Re-Auth time: Configures the authentication timeout value for authenticated clients. If the client does not respond within the specified time, it must re-authenticate. Type the value into the box. The value range is 180 to 86400 seconds. The default value is 300.
- Click OK to save your settings.
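The following is an added example, not part of the original documentation or the product: a review script that checks a planned set of rule and global options against the ranges above and flags the choices that weaken access control. The dict keys and layout are hypothetical and do not represent a device export format; the ranges and defaults are the ones documented on this page.

```python
# Added example. The dict keys and layout are hypothetical (not a device export
# format); the ranges and defaults are the ones documented on this page.
RANGES = {
    "reauth_period": (0, 65535), "quiet_period": (0, 65535),
    "retry_times": (1, 10), "server_timeout": (1, 65535),
    "client_timeout": (1, 65535), "max_user_number": (1, 400),
    "reauth_time": (180, 86400),
}
DEFAULTS = {
    "port_authorized": "auto", "reauth_period": 3600, "quiet_period": 60,
    "retry_times": 2, "server_timeout": 30, "client_timeout": 30,
    "concurrent_login": 100, "reauth_time": 300,
}

def audit(cfg):
    """Return (severity, key, message) findings for one rule plus global options."""
    s = {**DEFAULTS, **cfg}  # unset options fall back to the documented defaults
    out = []
    for key, (lo, hi) in RANGES.items():
        if key in s and not (isinstance(s[key], int) and lo <= s[key] <= hi):
            out.append(("error", key, f"{s[key]!r} is outside the documented range {lo}-{hi}"))
    if s.get("access_mode") == "port":
        out.append(("warn", "access_mode",
                    "one authenticated client opens the port to every client behind it"))
    if s["reauth_period"] == 0:
        out.append(("warn", "reauth_period", "0 disables re-authentication"))
    if s["quiet_period"] == 0:
        out.append(("warn", "quiet_period", "0 removes the idle period after a failed attempt"))
    if s.get("multiple_login") == "enable":
        n = s["concurrent_login"]
        if n == "unlimited":
            out.append(("warn", "concurrent_login", "no cap on simultaneous logins per username"))
        elif not (isinstance(n, int) and 2 <= n <= 1000):
            out.append(("error", "concurrent_login", f"{n!r} is outside the documented range 2-1000"))
    return out

# Constructed sample inputs: a permissive plan and a stricter one.
WEAK = {"access_mode": "port", "reauth_period": 0, "quiet_period": 0,
        "retry_times": 12, "multiple_login": "enable", "concurrent_login": "unlimited"}
HARDENED = {"access_mode": "mac", "multiple_login": "disable"}

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name)
        for sev, key, msg in audit(cfg):
            print(f"  [{sev}] {key}: {msg}")
```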