Timer and maximum user number configuration – H3C Technologies H3C WX3000 Series Unified Switches User Manual


• 802.1x configurations take effect only after you enable 802.1x both globally and for specified ports.

• If you enable 802.1x for a port, you cannot set the maximum number of MAC addresses that can be learnt for the port. Conversely, if you set the maximum number of MAC addresses that can be learnt for a port, you cannot enable 802.1x for the port.

• If you enable 802.1x for a port, you cannot add the port to an aggregation group. Conversely, if a port has been added to an aggregation group, you cannot enable 802.1x for the port.

• Changing the access control method on a port with the dot1x port-method command forcibly logs out the online 802.1x users on the port.

• When the device itself operates as an authentication server, its authentication method for 802.1x users cannot be configured as EAP.

• Handshaking packets are used to test whether a user is online. Users need to run the proprietary H3C client software to respond to the handshaking packets.

• Clients not running the H3C client software do not support the online user handshaking function, so the device cannot receive handshaking acknowledgement packets from them during handshaking periods. To prevent such users from being falsely considered offline, disable the online user handshaking function in this case.

• For the handshaking packet secure function to take effect, the clients that enable the function need to cooperate with the authentication server. If either the clients or the authentication server does not support the function, disable the handshaking packet secure function.

Timer and Maximum User Number Configuration

Follow these steps to configure 802.1x timers and the maximum number of users:

| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | |
| Set the maximum number of concurrent on-line users for specified ports | In system view: dot1x max-user user-number [ interface interface-list ] | Optional. By default, a port can accommodate up to 256 users at a time. |
| | In port view: interface interface-type interface-number | |
| | dot1x max-user user-number | |
| | quit | |
| Set the maximum retry times to send request packets | dot1x retry max-retry-value | Optional. By default, the maximum retry times to send a request packet is 2. That is, the authenticator system sends a request packet to a supplicant system for up to two times by default. |
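An added example, not taken from the H3C manual: a short Python audit that reads a saved configuration, applies the defaults stated above (256 users per port, retry 2) and flags ports whose 802.1x settings cannot take effect or exceed a local limit. The sample configuration, the `max_allowed` policy value, the use of a bare `dot1x` line as the enable command and the layout of per-port settings under each `interface` section are assumptions made for illustration.

```python
import re

DEFAULT_MAX_USER = 256  # per-port default stated in the Remarks above
DEFAULT_RETRY = 2       # default maximum retry times stated in the Remarks above

# Constructed sample in the style of a saved configuration (not from the manual).
SAMPLE_CONFIG = """\
 dot1x
 dot1x retry 3
#
interface GigabitEthernet1/0/1
 dot1x
 dot1x max-user 1
#
interface GigabitEthernet1/0/2
 dot1x
#
interface GigabitEthernet1/0/3
 dot1x max-user 8
#
"""

def audit_dot1x(config_text, max_allowed=8):
    """Return (global_settings, ports, findings); max_allowed is a hypothetical local policy."""
    glob = {"enabled": False, "retry": DEFAULT_RETRY}
    ports, current = {}, None  # current is None while in the global section
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "#":  # "#" is assumed to close a section
            current = None
        elif (m := re.fullmatch(r"interface\s+(.+)", line)):
            current = ports.setdefault(
                m.group(1), {"enabled": False, "max_user": DEFAULT_MAX_USER})
        elif line == "dot1x":  # assumed enable command, global or per port
            (glob if current is None else current)["enabled"] = True
        elif (m := re.fullmatch(r"dot1x max-user (\d+)", line)) and current is not None:
            current["max_user"] = int(m.group(1))
        elif (m := re.fullmatch(r"dot1x retry (\d+)", line)) and current is None:
            glob["retry"] = int(m.group(1))
    findings = []
    for name, port in ports.items():
        if port["enabled"] and not glob["enabled"]:
            findings.append((name, "802.1x enabled on port but not globally"))
        if not port["enabled"] and port["max_user"] != DEFAULT_MAX_USER:
            findings.append((name, "max-user set but 802.1x not enabled on port"))
        if port["enabled"] and port["max_user"] > max_allowed:
            findings.append((name, f"max-user {port['max_user']} exceeds limit {max_allowed}"))
    return glob, ports, findings

if __name__ == "__main__":
    for port_name, message in audit_dot1x(SAMPLE_CONFIG)[2]:
        print(f"{port_name}: {message}")
```

The audit only reads the port-view form of `dot1x max-user`; a system-view command with an interface list would need to be expanded to its ports first.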
