Introduction to 802.1x configuration – H3C Technologies H3C S3100 Series Switches User Manual

1-13

Figure 1-10 802.1x re-authentication

PC

Internet

PC

PC

RADIUS

Server

Switch

802.1x re-authentication can be enabled in one of the following two ways:

z

The RADIUS server triggers the switch to perform 802.1x re-authentication of users. The RADIUS

server sends the switch an Access-Accept packet with the Termination-Action attribute field of 1.

Upon receiving the packet, the switch re-authenticates users periodically.

z

You enable 802.1x re-authentication on the switch. With 802.1x re-authentication enabled, the

switch re-authenticates users periodically.

802.1x re-authentication will fail if a CAMS server is used and configured to perform authentication but

not accounting. This is because a CAMS server establishes a user session after it begins to perform

accounting. Therefore, to enable 802.1x re-authentication, do not configure the accounting none

command in the domain. This restriction does not apply to other types of servers.

Introduction to 802.1x Configuration

802.1x provides a solution for authenticating users. To implement this solution, you need to execute

802.1x-related commands. You also need to configure AAA schemes on switches and specify the

authentication scheme (RADIUS or local authentication scheme).

Figure 1-11 802.1x configuration