Configuring the online user handshake function, Configuring the authentication trigger function – H3C Technologies H3C S12500-X Series Switches User Manual

Page 86

Advertising
background image

74

Step Command

Remarks

3.

Set the server timeout
timer.

dot1x timer server-timeout
server-timeout-value

The default is 100 seconds.

45B

Configuring the online user handshake function

The online user handshake function checks the connectivity status of online 802.1X users. The network

access device sends handshake messages to online users at the interval specified by the dot1x timer

handshake-period command. If no response is received from an online user after the maximum number

of handshake attempts (set by the dot1x retry command) has been made, the network access device sets
the user in the offline state.
If the network has 802.1X clients that cannot exchange handshake packets with the network access

device, disable the online user handshake function to prevent their connections from being

inappropriately torn down.
To configure the online user handshake function:

Step Command

Remarks

1.

Enter system view.

system-view

N/A

2.

(Optional.) Set the handshake
timer.

dot1x timer handshake-period
handshake-period-value

The default is 15 seconds.

3.

Enter Ethernet interface view. interface interface-type

interface-number

N/A

4.

Enable the online handshake

function.

dot1x handshake

By default, the function is enabled.

46B

Configuring the authentication trigger function

The authentication trigger function enables the network access device to initiate 802.1X authentication

when 802.1X clients cannot initiate authentication.
This function provides the following types of authentication trigger:

Multicast trigger—Periodically multicasts Identity EAP-Request packets out of a port to detect 802.1X
clients and trigger authentication.

Unicast trigger—Enables the network device to initiate 802.1X authentication when it receives a

data frame from an unknown source MAC address. The device sends a unicast Identity
EAP/Request packet to the unknown source MAC address, and retransmits the packet if it has

received no response within a period of time. This process continues until the maximum number of

request attempts set with the dot1x retry command is reached (see "

776H

Setting the maximum number

of authentication request attempts

").

The identity request timeout timer sets both the identity request interval for the multicast trigger and the

identity request timeout interval for the unicast trigger.

Advertising
This manual is related to the following products:

H3C S5560 Series Switches, H3C WX6000 Series Access Controllers, H3C WX5000 Series Access Controllers, H3C WX3000 Series Unified Switches, H3C LSWM1WCM10 Access Controller Module, H3C LSWM1WCM20 Access Controller Module, H3C LSQM1WCMB0 Access Controller Module, H3C LSRM1WCM2A1 Access Controller Module, H3C LSBM1WCM2A0 Access Controller Module, H3C S9800 Series Switches, H3C S5130 Series Switches, H3C S5120 Series Switches

Popular Brands
Popular manuals