802.1X timers, Configuration prerequisites – H3C Technologies H3C WX3000E Series Wireless Switches User Manual


Port-based access control—Once an 802.1X user passes authentication on a port, any subsequent user can access the network through the port without authentication. When the authenticated user logs off, all other users are logged off.

MAC-based access control—Each user is authenticated separately on a port. When a user logs off,
no other online users are affected.

802.1X timers

This section describes the timers used on an 802.1X device to guarantee that the client, the device, and the RADIUS server can interact with each other correctly.

Username request timeout timer—Starts when the device sends an EAP-Request/Identity packet to a client in response to an authentication request. If the device receives no response before this timer expires, it retransmits the request. The timer also sets the interval at which the network device sends multicast EAP-Request/Identity packets to detect clients that cannot actively request authentication.

Client timeout timer—Starts when the access device sends an EAP-Request/MD5 Challenge packet to a client. If no response is received when this timer expires, the access device retransmits the request to the client.

Server timeout timer—Starts when the access device sends a RADIUS Access-Request packet to the authentication server. If no response is received when this timer expires, the access device retransmits the request to the server.

Handshake timer—Sets the interval at which the access device sends client handshake requests to check the online status of a client that has passed authentication. If the device receives no response after sending the maximum number of handshake requests, it considers that the client has logged off. For information about how to enable the online user handshake function, see "Configuring 802.1X on a port."

Quiet timer—Starts when the access device sends a RADIUS Access-Request packet to the
authentication server. If no response is received when this timer expires, the access device
retransmits the request to the server.

Periodic online user re-authentication timer—Sets the interval at which the network device periodically re-authenticates online 802.1X users. For information about how to enable periodic online user re-authentication on a port, see "Configuring 802.1X on a port."
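
The following Python sketch is an added example, not part of the H3C manual: it models the handshake timer described above to show how long the device keeps treating a client as online after the client silently stops responding. The timer values, the rule that a request is unanswered if the client is already gone when it is sent, and the rule that logoff is declared one period after the last unanswered request are assumptions made for the illustration.

```python
# Added illustration: discrete model of the 802.1X handshake timer.
# Assumptions (not from the manual): a request is unanswered if the client is
# already gone when it is sent, and logoff is declared one period after the
# last unanswered request. All numeric values below are constructed.

def simulate_handshake(period, max_requests, client_gone_at, horizon=3600):
    """Return (logoff_time, events); logoff_time is None if never declared."""
    events = []
    unanswered = 0
    t = period  # first handshake request, one period after authentication
    while t <= horizon:
        if client_gone_at is None or t < client_gone_at:
            unanswered = 0  # any reply resets the miss counter
            events.append((t, "handshake answered"))
        else:
            unanswered += 1
            events.append((t, f"handshake unanswered {unanswered}/{max_requests}"))
            if unanswered == max_requests:
                logoff = t + period
                events.append((logoff, "client considered logged off"))
                return logoff, events
        t += period
    return None, events


def stale_window(period, max_requests, client_gone_at, horizon=3600):
    """Seconds the session stays online after the client has actually left."""
    logoff, _ = simulate_handshake(period, max_requests, client_gone_at, horizon)
    return None if logoff is None else logoff - client_gone_at


if __name__ == "__main__":
    # Constructed scenario: 15 s handshake period, 3 requests, client leaves at t=40 s.
    logoff, events = simulate_handshake(15, 3, 40)
    for when, what in events:
        print(f"t={when:>4}s  {what}")
    print("stale window:", stale_window(15, 3, 40), "s")
    # Compare candidate settings for the same departure time.
    for period, retries in [(15, 3), (30, 3), (60, 2)]:
        print(period, retries, "->", stale_window(period, retries, 40), "s")
```

A shorter handshake period or a lower request limit narrows the stale window, at the cost of more handshake traffic and a higher chance of logging off a client during a brief loss of connectivity.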

Configuration prerequisites

Configure an ISP domain and AAA scheme (local or RADIUS authentication) for 802.1X users. For more information, see "Configuring AAA" and "Configuring RADIUS."

If you use local authentication, create user accounts on the device and assign the LAN access service to the users. For more information, see "Configuring users."

If you use RADIUS authentication, create user accounts on the RADIUS server.

Configure a special local EAP server on the device to use EAP relay if the RADIUS server does not support any EAP authentication method or when local authentication is used. For more information, see "Configuring the local EAP service."
