beautypg.com

Configuring 802.1x for a port, Enabling 802.1x for a port, Configuring 802.1x parameters for a port – H3C Technologies H3C S5120 Series Switches User Manual

Page 392

background image

1-14

To do…

Use the command…

Remarks

Set the maximum number of
attempts to send an
authentication request to a
client

dot1x retry max-retry-value

Optional

2 by default

Set timers

dot1x timer
{ handshake-period
handshake-period-value |
quiet-period
quiet-period-value |
reauth-period
reauth-period-value |
server-timeout
server-timeout-value |
supp-timeout
supp-timeout-value | tx-period
tx-period-value }

Optional

The defaults are as follows:

15 seconds for the handshake
timer,

60 seconds for the quiet timer,

3600 seconds for the periodic
re-authentication timer,

100 seconds for the server
timeout timer,

30 seconds for the client
timeout timer, and

30 seconds for the username
request timeout timer.

Note that:

z

For 802.1X to take effect on a port, you must enable it both globally and on the port.

z

You can enable 802.1X and specify the port authorization mode, port access control method, and

maximum number of users for a port in both system view and interface view. For detailed

configuration, refer to

Configuring 802.1X for a Port

. The only difference between global

configurations and configurations on a port lies in the applicable scope. If both a global setting and

a local setting exist for an argument of a port, the one configured later takes effect.

z

802.1X timers only need to be changed in special or extreme network environments. For example,

you can give the client timeout timer a higher value in a low-performance network, give the quiet

timer a higher value in a vulnerable network or a lower value for quicker authentication response, or

adjust the server timeout timer to suit the performance of different authentication servers.

Configuring 802.1X for a Port

Enabling 802.1X for a port

Follow these steps to enable 802.1X for a port:

To do…

Use the command…

Remarks

Enter system view

system-view

In system
view

dot1x interface interface-list

interface interface-type
interface-number

Enable
802.1X for
one or more
ports

In Ethernet
interface view

dot1x

Required

Use either approach.

Disabled by default

Configuring 802.1X parameters for a port

Follow these steps to configure 802.1X parameters for a port:

See also other documents in the category H3C Technologies Routers: