I. checking the supplicant system – H3C Technologies H3C S3100 Series Switches User Manual

Operation Manual – 802.1x

H3C S3100-52P Ethernet Switch

Chapter 1 802.1x Configuration

1-10

request/identity packet to the supplicant system if it does not receive the reply
packet from the supplicant system when this timer times out. The second case is
when the switch authenticates the 802.1x client who cannot request for
authentication actively. The switch sends multicast request/identity packets
periodically through the port enabled with 802.1x function. In this case, this timer
sets the interval to send the multicast request/identity packets.

z

Supplicant system timer (supp-timeout). This timer sets the supp-timeout period
and is triggered by the switch after the switch sends a request/challenge packet to
a supplicant system. The switch sends another request/challenge packet to the
supplicant system if the switch does not receive the response from the supplicant
system when this timer times out.

z

RADIUS server timer (server-timeout). This timer sets the server-timeout period.
After sending an authentication request packet to the RADIUS server, a switch
sends another authentication request packet if it does not receive the response
from the RADIUS server when this timer times out.

z

Handshake timer (handshake-period). This timer sets the handshake-period and
is triggered after a supplicant system passes the authentication. It sets the interval
for a switch to send handshake request packets to online users. If you set the
number of retries to N by using the dot1x retry command, an online user is
considered offline when the switch does not receive response packets from it in a
period N times of the handshake-period.

z

Quiet-period timer (quiet-period). This timer sets the quiet-period. When a
supplicant system fails to pass the authentication, the switch quiets for the set
period (set by the quiet-period timer) before it processes another authentication
request re-initiated by the supplicant system.

z

Client version request timer (ver-period). This timer sets the version period and is
triggered after a switch sends a version request packet. The switch sends another
version request packet if it does receive version response packets from the
supplicant system when the timer expires.

1.1.6 802.1x Implementation on an S3100-52P Ethernet Switch

In addition to the earlier mentioned 802.1x features, an S3100-52P Ethernet Switch is
also capable of the following:

z

Checking supplicant systems for proxies, multiple network adapters, and so on
(This function needs the cooperation of a CAMS server.)

z

Checking client version

z

The Guest VLAN function

I. Checking the supplicant system

An S3100-52P Ethernet Switch checks:

z

Supplicant systems logging on through proxies