Configuring 802.1x re-authentication, Configuring the 802.1x re-authentication timer – H3C Technologies H3C S3100 Series Switches User Manual

Page 387

Advertising
background image

1-22

z

At present, only the S3100-EI series supports the Auth-Fail VLAN function.

z

Different ports can be configured with different Auth-Fail VLANs, but a port can be configured with

only one Auth-Fail VLAN.

z

If you configure both 802.1X authentication and MAC authentication on a port and specify an

MAFV for 802.1X authentication and an MGV for MAC authentication, the assignment of the MAFV

entry for a user will overwrite the MGV entry for the user, while the assignment of the MGV entry for

a user will not overwrite the MAFV entry for the user.

z

If the MAFV for web authentication has been assigned to a user on a port, the MAFV for the 802.1X

authentication method will not take effect for the user.

Configuring 802.1x Re-Authentication

Table 1-10 Enable 802.1x re-authentication

Operation

Command

Remarks

Enter system view

system-view

In system
view

dot1x re-authenticate [ interface
interface-list ]

Enable
802.1x
re-authentic
ation on
port(s)

In port view

dot1x re-authenticate

Required

By default, 802.1x
re-authentication is
disabled on a port.

z

To enable 802.1x re-authentication on a port, you must first enable 802.1x globally and on the port.

z

When re-authenticating a user, a switch goes through the complete authentication process. It

transmits the username and password of the user to the server. The server may authenticate the

username and password, or, however, use re-authentication for only accounting and user

connection status checking and therefore does not authenticate the username and password any

more.

z

An authentication server running CAMS authenticates the username and password during

re-authentication of a user in the EAP authentication mode but does not in PAP or CHAP

authentication mode.

Configuring the 802.1x Re-Authentication Timer

After 802.1x re-authentication is enabled on the switch, the switch determines the re-authentication

interval in one of the following two ways:

1) The switch uses the value of the Session-timeout attribute field of the Access-Accept packet sent

by the RADIUS server as the re-authentication interval.

Advertising
Popular Brands
Popular manuals