11 authentication message exchange – Barracuda Networks VERSION SP4 User Manual


802.1X – Technical Guideline

To disable periodic re-authentication, use the no dot1x re-authentication interface configuration command. To return to the default number of seconds between re-authentication attempts, use the no dot1x timeout reauth-period interface configuration command.

The re-authentication started by the switch is illustrated in 2.3.II.

14.3.10 Manually re-authenticating using the command line

You can manually re-authenticate the client connected to a specific port at any time by entering the dot1x re-authenticate interface <interface-id> privileged EXEC command in a remote telnet session on the switch or the web interface.

14.3.11 Authentication Message Exchange

The following image illustrates the authentication message exchange between the client computer, the
switch and the RADIUS authentication server:

The first section (I) shows the initial EAPOL start packet sent by wpa_supplicant from the client computer, which starts the 802.1X authentication scheme. This occurs in the following circumstances:

An instance of wpa_supplicant has been started and begins authentication.

The configured re-authentication period has elapsed and wpa_supplicant starts re-authentication.

Section II illustrates the message exchange of the authentication. This occurs when:

The client computer starts (re)-authentication; see section I above.

The re-authentication period configured on the switch has elapsed.
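To tell from a packet capture which side opened an exchange, the following added example (not part of the original manual) parses EAPOL frames and reports whether the first frame is the supplicant's EAPOL-Start (section I) or an EAP-Request/Identity from the switch. It assumes the standard IEEE 802.1X and EAP header layouts, which this page does not spell out; the function names, MAC addresses and identity are constructed for illustration.

```python
import struct

ETH_P_PAE = 0x888E  # EtherType of EAPOL frames (IEEE 802.1X)
EAPOL_TYPES = {1: "EAPOL-Start", 2: "EAPOL-Logoff", 3: "EAPOL-Key"}
EAP_CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}

def classify(frame: bytes) -> str:
    """Label one Ethernet frame; raise ValueError if it is not valid EAPOL."""
    if len(frame) < 18:
        raise ValueError("too short for Ethernet + EAPOL header")
    ethertype, _ver, ptype, body_len = struct.unpack("!HBBH", frame[12:18])
    if ethertype != ETH_P_PAE:
        raise ValueError("not an EAPOL frame")
    body = frame[18:18 + body_len]  # ignores Ethernet padding after the body
    if len(body) != body_len:
        raise ValueError("truncated EAPOL body")
    if ptype != 0:  # anything but EAP-Packet carries no EAP header
        return EAPOL_TYPES.get(ptype, f"EAPOL-type-{ptype}")
    if body_len < 4:
        raise ValueError("truncated EAP header")
    code, _ident, eap_len = struct.unpack("!BBH", body[:4])
    if not 4 <= eap_len <= body_len:
        raise ValueError("bad EAP length")
    label = "EAP-" + EAP_CODES.get(code, f"code-{code}")
    if code in (1, 2) and eap_len >= 5 and body[4] == 1:  # EAP type 1 = Identity
        label += "/Identity"
    return label

def initiator(frames) -> str:
    """Which side opened the exchange, judged by its first EAPOL frame."""
    first = classify(frames[0])
    return {"EAPOL-Start": "supplicant",
            "EAP-Request/Identity": "switch"}.get(first, "unknown")

def build(src: bytes, ptype: int, body: bytes = b"") -> bytes:
    """Build a constructed test frame addressed to the PAE group address."""
    dst = bytes.fromhex("0180c2000003")
    return dst + src + struct.pack("!HBBH", ETH_P_PAE, 1, ptype, len(body)) + body

# Constructed sample data (MAC addresses and identity are made up).
CLIENT, SWITCH = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
REQ_ID = struct.pack("!BBHB", 1, 1, 5, 1)
RESP_ID = struct.pack("!BBHB", 2, 1, 10, 1) + b"host1"
CLIENT_STARTED = [build(CLIENT, 1), build(SWITCH, 0, REQ_ID), build(CLIENT, 0, RESP_ID)]
SWITCH_STARTED = [build(SWITCH, 0, REQ_ID), build(CLIENT, 0, RESP_ID)]

if __name__ == "__main__":
    for name, capture in (("client", CLIENT_STARTED), ("switch", SWITCH_STARTED)):
        print(name, [classify(f) for f in capture], "->", initiator(capture))
```
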

Fig. 14–5 Example

Fig. 14–6 Example

Fig. 14–7 Authentication Message Exchange Process

Switch(config-if)# dot1x reauthentication
Switch(config-if)# dot1x reauth-period 4000

Switch# dot1x re-authenticate interface fa0/3
