Enabling the re-authentication function, Configuring a guest vlan – H3C Technologies H3C S7500E Series Switches User Manual

5-22

Enabling the Re-Authentication Function

If periodic re-authentication is enabled on a port, the device will re-authenticate online users on

the port at the interval specified by the periodic re-authentication timer. This is intended to track

the connection status of online users and update the authorization attributes assigned by the

server, such as the ACL, VLAN, and QoS Profile, ensuring that the users are in normal online

state.

Follow these steps to enable the periodic re-authentication function:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter Ethernet interface view

interface interface-type

interface-number

—

Enable periodic

re-authentication

dot1x re-authenticate

Required

Disabled by default

z

After an 802.1X user passes authentication, if the authentication server assigns a

re-authentication interval for the user through the session-timeout attribute, the assigned

re-authentication interval will take effect instead of that specified on the device. The

re-authentication interval assignment varies by server type. For more information, see the

specific authentication server implementation.

z

VLAN information assigned to the same user before and after re-authentication can be

different. However, if the server assigns VLAN information before re-authentication, it must

assign that information after re-authentication; if the server assigns no VLAN information

before re-authentication, it cannot assign that information after re-authentication.

Configuring a Guest VLAN