Installation manual
Operation Manual - Security
Quidway S3000-EI Series Ethernet Switches Chapter 1
802.1x Configuration
Huawei Technologies Proprietary
1-11
1.2.11 Co
I. Overview
8 dynamically bind the IP address, the
M
a 802.1x user passes the authentication. An ts the
p ese four items. If the swi in
ackets sent by the user are not consistent with the bound ones, it will force the
ser to go offline.
users from changing their IP addresses. As some kind of accounting
servers charge by IP addresses, changing of IP addresses causes these
m accessing a network through authentication
ports when in port-based authentication mode. With dynamic user binding
ers to access the
network with uthenticated after a user authentication.
Wherea mic user binding is enabled, a the corresponding
, t h the
ngs after a u which prevents
other users from accessing the network through the port.
Note that:
dynamically, you must couple dynamic user
z Configure the switch port connecting to the DHCP server to be a DHCP Snooping
port.
2) If the users use static IP addresses, you must use 802.1x clients developed by
II
address dynamically, enable DHCP Snooping globally on the
connecting to the DHCP server to be a DHCP
nfiguring 802.1x Dynamic User Binding
02.1x dynamic user binding enables a switch to
AC address, the accessing port, and the VLAN
fter an
to which the accessing port belongs
d the switch then only permi
ackets that match all th tch finds that the four items carried
the p
u
Dynamic user binding can be used to:
z Prevent
accounting servers failing to charge effectively.
z Prevent unauthenticated user fro
disabled, port-based authentication mode enables other us
out being a
s when dyna
passes the
switch binds
IP address, the MAC address he accessing port, and the VLAN to whic
accessing port belo ser passes the authentication,
1) If the users obtain their IP addresses
binding with DHCP Snooping in the following way:
z Enable DHCP Snooping globally on the switch.
trusted
Huawei Technologies and select the Upload user IP address option in the [802.1x
Network Settings] dialog box when creating a new connection.
. Configuration Prerequisites
z Enable 802.1x feature globally and on a port.
z If you obtain an IP
switch and configure the switch port
Snooping trusted port.