< Home

Access Configuration

Context

The device supports two configuration modes. By default, the unified mode is used. You can run the undo authentication unified-mode command to switch the configuration mode to common mode.

  • In the common mode, access configuration includes No-authentication, 802.1X authentication, MAC address authentication, MAC address bypass authentication. The last authentication mode is combinations of 802.1X authentication and MAC address authentication.

    • No-authentication: Users are allowed to access the network without authentication.

    • 802.1X authentication: a Layer 2 authentication mode based on the 802.1X protocol. In this mode, the 802.1X client software must be installed on user terminals, and user identity authentication is performed between clients and servers using the Extensible Authentication Protocol (EAP).

    • MAC address authentication: uses MAC addresses of users as identity information. In this mode, the 802.1X client software does not need to be installed on user terminals.

    • MAC address bypass authentication: In this mode, 802.1X authentication is performed first and the delay timer for MAC address bypass authentication is enabled at the same time. If the 802.1X authentication still fails when the delay time expires, MAC address authentication is triggered.

    When performing access configuration, you must enable the authentication function first, and then select the interface to which the access configuration applies and select an authentication mode.

  • In the unified mode, access configuration includes No-authentication, 802.1X authentication, MAC address authentication, and Portal authentication.

After performing access configuration, perform the Authentication Configuration. The two functions implement user authentication together.

If non-authentication is configured, a user passes the authentication using any user name or password. Therefore, to protect the device or network security, you are advised to enable authentication, allowing only the authenticated users to access the device or network.

Procedure

  • Common mode:
    1. Click Configuration to display the Configuration page.
    2. Choose Security Services > User Access Control in the navigation tree to display the User Access Control page.
    3. Click the Access Configuration tab to display the Access Configuration page, as shown in Figure 1.

      Figure 1 Access configuration

    4. Set Authentication function to ON and click OK.
    5. Select interfaces for which the authentication function needs to be enabled. You can perform the following operations as required:

      • Click the icon of a single interface or icons of multiple interfaces.
      • Drag the mouse to select multiple neighboring interfaces.
      • Click a device panel name and select all interfaces.

    6. Select an interface authentication method, as shown in Figure 2.

      Figure 2 Interface authentication mode

    7. Click Apply.

      If authentication on any interface fails, an error page is displayed, as shown in Figure 3.

      Figure 3 Interface authentication enabling result

      In the dialog box, Execution succeeded indicates the number of interfaces for which the interface authentication function is successfully applied; Execution failed indicates the number of interfaces for which the interface authentication function fails to be applied.

  • Unified mode.
    1. Click Configuration to display the Configuration page.
    2. Choose Security Services > User Access Control in the navigation tree to display the User Access Control page.
    3. Click the Access Configuration tab to display the Access Configuration page, as shown in Figure 4.

      Figure 4 Access configuration

    4. Select interfaces for which the authentication function needs to be enabled. You can perform the following operations as required:

      • Click the icon of a single interface or icons of multiple interfaces.
      • Drag the mouse to select multiple neighboring interfaces.
      • Click a device panel name and select all interfaces.

    5. Select interface authentication modes, including MAC address authentication, 802.1X authentication, and Portal authentication. Click Apply.

      If 802.1X authentication is configured as authentication mode 1 and MAC address authentication as authentication mode 2, the MAC address bypass authentication function is enabled.

      If MAC address authentication is configured as authentication mode 1 and 802.1X authentication as authentication mode 2, the MAC address authentication is performed first during MAC address bypass authentication.

    6. In the VLAN Authentication area, click to add interfaces, select interface authentication modes, and click Apply.
Parent Topic: User Access Control
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic