1x implementation on an s3600 series switch, Checking the supplicant system – H3C Technologies H3C S3600 Series Switches User Manual

1-9

z

Re-authentication timer (reauth-period). The switch initiates 802.1x re-authentication at the

interval set by the re-authentication timer.

z

RADIUS server timer (server-timeout). This timer sets the server-timeout period. After sending an

authentication request packet to the RADIUS server, the switch sends another authentication

request packet if it does not receive the response from the RADIUS server when this timer times

out.

z

Supplicant system timer (supp-timeout). This timer sets the supp-timeout period and is triggered

by the switch after the switch sends a request/challenge packet to a supplicant system. The switch

sends another request/challenge packet to the supplicant system if the switch does not receive the

response from the supplicant system when this timer times out.

z

Transmission timer (tx-period). This timer sets the tx-period and is triggered by the switch in two

cases. The first case is when the client requests for authentication. The switch sends a unicast

request/identity packet to a supplicant system and then triggers the transmission timer. The switch

sends another request/identity packet to the supplicant system if it does not receive the reply

packet from the supplicant system when this timer times out. The second case is when the switch

authenticates the 802.1x client who cannot request for authentication actively. The switch sends

multicast request/identity packets periodically through the port enabled with 802.1x function. In this

case, this timer sets the interval to send the multicast request/identity packets.

z

Client version request timer (ver-period). This timer sets the version period and is triggered after a

switch sends a version request packet. The switch sends another version request packet if it does

receive version response packets from the supplicant system when the timer expires.

802.1x Implementation on an S3600 Series Switch

In addition to the earlier mentioned 802.1x features, an S3600 series switch is also capable of the

following:

z

Checking supplicant systems for proxies, multiple network adapters, and so on (This function

needs the cooperation of a CAMS server.)

z

Checking client version

z

The guest VLAN function

H3C's CAMS Server is a service management system used to manage networks and to secure

networks and user information. With the cooperation of other networking devices (such as switches) in

the network, a CAMS server can implement the AAA functions and rights management.

Checking the supplicant system

An S3600 series switch checks:

z

Supplicant systems logging on through proxies

z

Supplicant systems logging on through IE proxies

z

Whether or not a supplicant system logs in through more than one network adapters (that is,

whether or not more than one network adapters are active in a supplicant system when the

supplicant system logs in).