Access Configuration

Through access configuration, the switch can authenticate users and control user access through interfaces to ensure enterprise network security.

Context

The device supports two configuration modes. By default, the traditional mode is used. You can run the authentication unified-mode command to switch the configuration mode to unified mode.

In the traditional mode, access configuration includes No-authentication, 802.1x authentication, MAC address authentication, MAC address bypass authentication, MAC address authentication performed first during MAC address bypass authentication. The last two authentication modes are combinations of 802.1X authentication and MAC address authentication.
- No-authentication: Users are allowed to access the network without authentication.
- 802.1x authentication: a Layer 2 authentication mode based on the 802.1x protocol. In this mode, the 802.1x client software must be installed on user terminals, and user identity authentication is performed between clients and servers using the Extensible Authentication Protocol (EAP).
- MAC address authentication: uses MAC addresses of users as identity information. In this mode, the 802.1x client software does not need to be installed on user terminals.
- MAC address bypass authentication: In this mode, 802.1x authentication is performed first and the delay timer for MAC address bypass authentication is enabled at the same time. If the 802.1x authentication still fails when the delay time expires, MAC address authentication is triggered.
In the unified mode, access configuration includes No-authentication, 802.1x authentication, MAC address authentication, and Portal authentication.

When performing access configuration, you must enable the authentication function first, and then select the interface to which the access configuration applies and select an authentication mode.

NOTE:

After performing access configuration, perform the Authentication Configuration. The two functions implement user authentication together.

Procedure

The traditional mode.
1. Click Configuration to display the Configuration page.
2. Choose AAA & NAC in the navigation tree to display the AAA & NAC page.
3. Click the Access Configuration tab to display the Access Configuration page.
4. Set Authentication Function to ON and click Confirm.
5. Select interfaces for which the authentication function needs to be enabled. You can perform the following operations as required:
  - Click the icon of a single interface.
  - Drag the mouse to select multiple neighboring interfaces.
  - Click an LPU name and select all interfaces on the LPU.
6. Select an interface authentication method.
  NOTE:
  - When the authentication method is set to MAC address authentication and 802.1x authentication, the MAC address bypass authentication is enabled.
7. Click Apply, and click Confirm.
  If authentication on any interface fails, an error page is displayed
  
  In the dialog box, Success indicates the number of interfaces for which the interface authentication function is successfully applied; Failure indicates the number of interfaces for which the interface authentication function fails to be applied.
The unified mode.
1. Click Configuration to display the Configuration page.
2. Choose AAA & NAC in the navigation tree to display the AAA & NAC page.
3. Click the Access Configuration tab to display the Access Configuration page.
4. Select interfaces for which the authentication function needs to be enabled. You can perform the following operations as required:
  - Click the icon of a single interface.
  - Drag the mouse to select multiple neighboring interfaces.
  - Click an LPU name and select all interfaces on the LPU.
5. Select an interface authentication method.
6. Click Apply, and click Confirm.