Displaying and debugging 802.1x, Configuration example, 1x configuration example – H3C Technologies H3C S3100 Series Switches User Manual

1-23

2) The switch uses the value configured with the dot1x timer reauth-period command as the

re-authentication interval for access users.

Note the following:

During re-authentication, the switch always uses the latest re-authentication interval configured, no

matter which of the above-mentioned two ways is used to determine the re-authentication interval. For

example, if you configure a re-authentication interval on the switch and the switch receives an

Access-Accept packet whose Termination-Action attribute field is 1, the switch will ultimately use the

value of the Session-timeout attribute field as the re-authentication interval.

The following introduces how to configure the 802.1x re-authentication timer on the switch.

Table 1-11 Configure the re-authentication interval

Operation

Command

Remarks

Enter system view

system-view

—

Configure a re-authentication
interval

dot1x timer reauth-period
reauth-period-value

Optional

By default, the
re-authentication interval is
3,600 seconds.

Displaying and Debugging 802.1x

After performing the above configurations, you can display and verify the 802.1x-related configuration

by executing the display command in any view.

You can clear 802.1x-related statistics information by executing the reset command in user view.

Table 1-12 Display and debug 802.1x

Operation

Command

Remarks

Display the configuration,
session, and statistics
information about 802.1x

display dot1x [ sessions |
statistics ] [ interface
interface-list ]

This command can be
executed in any view.

Clear 802.1x-related statistics
information

reset dot1x statistics
[ interface interface-list ]

Execute this command in user
view.

Configuration Example

802.1x Configuration Example

Network requirements

z

Authenticate users on all ports to control their accesses to the Internet. The switch operates in

MAC address-based access control mode.

z

All supplicant systems that pass the authentication belong to the default domain named

“aabbcc.net”. The domain can accommodate up to 30 users. As for authentication, a supplicant

system is authenticated locally if the RADIUS server fails. And as for accounting, a supplicant

system is disconnected by force if the RADIUS server fails. The name of an authenticated

supplicant system is not suffixed with the domain name. A connection is terminated if the total size

of the data passes through it during a period of 20 minutes is less than 2,000 bytes.