Configuring 802.1x re-authentication, Configuring the 802.1x re-authentication timer – H3C Technologies H3C S3600 Series Switches User Manual
Page 491
1-18
z
The guest VLAN function is available only when the switch operates in the port-based
authentication mode.
z
Only one guest VLAN can be configured for each switch.
z
The guest VLAN function cannot be implemented if you configure the dot1x dhcp-launch
command on the switch to enable DHCP-triggered authentication. This is because the switch does
not send authentication packets in that case.
Configuring 802.1x Re-Authentication
Follow these steps to enable 802.1x re-authentication:
To do...
Use the command...
Remarks
Enter system view
system-view
—
In system view
dot1x re-authenticate
[ interface interface-list ]
Enable 802.1x
re-authentication
on port(s)
In port view
dot1x re-authenticate
Required
By default, 802.1x
re-authentication is
disabled on a port.
z
To enable 802.1x re-authentication on a port, you must first enable 802.1x globally and on the port.
z
When re-authenticating a user, a switch goes through the complete authentication process. It
transmits the username and password of the user to the server. The server may authenticate the
username and password, or, however, use re-authentication for only accounting and user
connection status checking and therefore does not authenticate the username and password any
more.
z
An authentication server running CAMS authenticates the username and password during
re-authentication of a user in the EAP authentication mode but does not in PAP or CHAP
authentication mode.
Configuring the 802.1x Re-Authentication Timer
After 802.1x re-authentication is enabled on the switch, the switch determines the re-authentication
interval in one of the following two ways:
z
The switch uses the value of the Session-timeout attribute field of the Access-Accept packet sent
by the RADIUS server as the re-authentication interval.
z
The switch uses the value configured with the dot1x timer reauth-period command as the
re-authentication interval for access users.
Note the following: