Configuration Notes of 802.1X Authentication

When configuring 802.1X authentication on a device, pay attention to the following points:

•   802.1X client authentication software is required on the supplicant when you use the 802.1X authentication to control the network access of the supplicant. If you only use MAB authentication to control network access of the clients, the 802.1X client software is not required.

•   The MAB authentication is performed every time port link goes down and then up.

•   802.1X authentication is used on the port connected to the host user. It is not supported for the port connected to the RADIUS server.

•   The link type of the port of guest VLAN and dynamic VLAN should be trunk port.

•   A maximum of eight MAB authentication users supported on each port.

•  802.1X authentication and MAB authentication cannot be configured on a LAG port or a physical port that belongs to a LAG. When we need to configure these functions on the physical port that belongs to a LAG, we must first remove the physical port from the LAG port before configuration.

•   802.1X authentication only supports RADIUS protocol between the authenticator and the authentication server. It does not support TACACS / TACACS+ authentication and local authentication.

•   The recommended 802.1X authentication servers are FreeRadius and PacketFence.