Creating an 802.1X Template
When 802.1X authentication is used, the NetEngine 8000 F and 802.1X clients perform authentication negotiation based on the parameters defined in an 802.1X template.
Context
To ensure that only authorized 802.1X users can access the network, you need to create an 802.1X template and enter the 802.1X template view. Then, authentication negotiation is performed based on the parameters defined in the 802.1X template to verify the consistency between parameters set by 802.1X users and those defined in the 802.1X template.
Procedure
- Run system-view
The system view is displayed.
- Run dot1x-template dot1x-template-number
An 802.1X template is created and the 802.1X template view is displayed.
802.1X templates are identified by numbers. The NetEngine 8000 F has a default 802.1X template numbered 1. This template can be modified but cannot be deleted.
All the parameters in the following optional steps have default values on the NetEngine 8000 F. Run corresponding commands to modify the default settings.
- (Optional) Run authentication timeout time
The timeout period for the BRAS to wait for an EAP Response packet from the authentication server is set.
- (Optional) Run request { retransmit times | interval time } *
The timeout period for the BRAS to wait for an EAP-Response/Identity packet from the client and the number of retransmissions of EAP-Request/Identity packets is set.
- (Optional) Run keepalive { interval time | retransmit times } *
The number of and timeout period for handshake packet retransmissions between the EAP client and server are set.
- (Optional) Run reauthentication interval time
The interval for reauthentication of online 802.1X template users is set.
- (Optional) Run eap-end [ chap | pap ]
The authentication method for EAP termination defined in the 802.1X template is configured.