beautypg.com

Introduction to 802.1x configuration – H3C Technologies H3C S3600 Series Switches User Manual

Page 485

background image

1-12

z

The RADIUS server has the switch perform 802.1x re-authentication of users. The RADIUS server

sends the switch an Access-Accept packet with the Termination-Action attribute field of 1. Upon

receiving the packet, the switch re-authenticates the user periodically.

z

You enable 802.1x re-authentication on the switch. With 802.1x re-authentication enabled, the

switch re-authenticates users periodically.

802.1x re-authentication will fail if a CAMS server is used and configured to perform authentication but

not accounting. This is because a CAMS server establishes a user session after it begins to perform

accounting. Therefore, to enable 802.1x re-authentication, do not configure the accounting none

command in the domain. This restriction does not apply to other types of servers.

Introduction to 802.1x Configuration

802.1x provides a solution for authenticating users. To implement this solution, you need to execute

802.1x-related commands. You also need to configure AAA schemes on switches and specify the

authentication scheme (RADIUS or local authentication scheme).

Figure 1-11 802.1x configuration

z

802.1x users use domain names to associate with the ISP domains configured on switches

z

Configure the AAA scheme (a local authentication scheme or a RADIUS scheme) to be adopted in

the ISP domain.

z

If you specify to use a local authentication scheme, you need to configure the user names and

passwords manually on the switch. Users can pass the authentication through 802.1x client if they

provide user names and passwords that match those configured on the switch.

z

If you specify to adopt the RADIUS scheme, the supplicant systems are authenticated by a remote

RADIUS server. In this case, you need to configure user names and passwords on the RADIUS

server and perform RADIUS client-related configuration on the switches.

z

You can also specify to adopt the RADIUS authentication scheme, with a local authentication

scheme as a backup. In this case, the local authentication scheme is adopted when the RADIUS

server fails.

Refer to the AAA Operation for detailed information about AAA scheme configuration.

This manual is related to the following products:
See also other documents in the category H3C Technologies Routers: