Advanced 802.1x configuration – H3C Technologies H3C S3600 Series Switches User Manual

1-15

To do…

Use the command...

Remarks

Set the maximum retry times
to send request packets

dot1x retry max-retry-value

Optional

By default, the maximum retry
times to send a request packet is
2. That is, the authenticator
system sends a request packet
to a supplicant system for up to
two times by default.

Set 802.1x timers

dot1x timer
{ handshake-period
handshake-period-value |
quiet-period quiet-period-value |
server-timeout
server-timeout-value |
supp-timeout
supp-timeout-value | tx-period
tx-period-value | ver-period
ver-period-value }

Optional

The settings of 802.1x timers are
as follows.

z

handshake-period-value: 15
seconds

z

quiet-period-value: 60
seconds

z

server-timeout-value: 100
seconds

z

supp-timeout-value: 30
seconds

z

tx-period-value: 30 seconds

z

ver-period-value: 30 seconds

Enable the quiet-period
timer

dot1x quiet-period

Optional

By default, the quiet-period timer
is disabled.

z

As for the dot1x max-user command, if you execute it in system view without specifying the

interface-list argument, the command applies to all ports. You can also use this command in port

view. In this case, this command applies to the current port only and the interface-list argument is

not needed.

z

As for the configuration of 802.1x timers, the default values are recommended.

Advanced 802.1x Configuration

Advanced 802.1x configurations, as listed below, are all optional.

z

Configuration concerning CAMS, including multiple network adapters detecting, proxy detecting,

and so on.

z

Client version checking configuration

z

DHCP–triggered authentication

z

Guest VLAN configuration

z

802.1x re-authentication configuration

z

Configuration of the 802.1x re-authentication timer

You need to configure basic 802.1x functions before configuring the above 802.1x features.