Enabling the re-authentication function, Configuring a guest vlan, Configuration prerequisites – H3C Technologies H3C S5120 Series Switches User Manual

1-17

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enable the quiet timer

dot1x quiet-period

Required

Disabled by default

Enabling the Re-Authentication Function

If periodic re-authentication is enabled on a port, the device will re-authenticate online users on the port

at the interval specified by the periodic re-authentication timer. This is intended to track the connection

status of online users and update the authorization attributes assigned by the server, such as the ACL,

VLAN, and QoS Profile, ensuring that the users are in normal online state.

Follow these steps to enable the periodic re-authentication function:

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enter Ethernet interface view

interface interface-type
interface-number

—

Enable periodic
re-authentication

dot1x re-authenticate

Required

Disabled by default

After an 802.1X user passes authentication, if the authentication server assigns a re-authentication

interval for the user through the session-timeout attribute, the assigned re-authentication interval will

take effect instead of that specified on the device. The re-authentication interval assignment varies by

server type. Refer to the specific authentication server implementation for further details.

Configuring a Guest VLAN

If the traffic from a user-side device carry VLAN tags and the 802.1X authentication and guest VLAN

functions are configured on the access port, you are recommended to configure different VLAN IDs for

the voice VLAN, default VLAN of the port, and 802.1X guest VLAN. This is to ensure the normal use of

the functions.

Configuration prerequisites

z

Create the VLAN to be specified as the guest VLAN.