Displaying and maintaining 802.1x configuration, Configuration example, 1x configuration example – H3C Technologies H3C S3600 Series Switches User Manual

1-19

During re-authentication, the switch always uses the latest re-authentication interval configured, no

matter which of the above-mentioned two ways is used to determine the re-authentication interval. For

example, if you configure a re-authentication interval on the switch and the switch receives an

Access-Accept packet whose Termination-Action attribute field is 1, the switch will ultimately use the

value of the Session-timeout attribute field as the re-authentication interval.

The following introduces how to configure the 802.1x re-authentication timer on the switch.

Follow these steps to configure the re-authentication interval:

To do...

Use the command...

Remarks

Enter system view

system-view

—

Configure a re-authentication
interval

dot1x timer reauth-period
reauth-period-value

Optional

By default, the
re-authentication interval is
3,600 seconds.

Displaying and Maintaining 802.1x Configuration

To do...

Use the command...

Remarks

Display the configuration,
session, and statistics
information about 802.1x

display dot1x [ sessions |
statistics ] [ interface
interface-list ]

Available in any view

Clear 802.1x-related statistics
information

reset dot1x statistics
[ interface interface-list ]

Available in user view

Configuration Example

802.1x Configuration Example

Network requirements

z

Authenticate users on all ports to control their accesses to the Internet. The switch operates in

MAC-based access control mode.

z

All supplicant systems that pass the authentication belong to the default domain named

“aabbcc.net”. The domain can accommodate up to 30 users. As for authentication, a supplicant

system is authenticated locally if the RADIUS server fails. And as for accounting, a supplicant

system is disconnected by force if the RADIUS server fails. The name of an authenticated

supplicant system is not suffixed with the domain name. A connection is terminated if the total size

of the data passes through it during a period of 20 minutes is less than 2,000 bytes.

z

The switch is connected to a server comprising of two RADIUS servers whose IP addresses are

10.11.1.1 and 10.11.1.2. The RADIUS server with an IP address of 10.11.1.1 operates as the

primary authentication server and the secondary accounting server. The other operates as the

secondary authentication server and primary accounting server. The password for the switch and

the authentication RADIUS servers to exchange message is “name”. And the password for the

switch and the accounting RADIUS servers to exchange message is “money”. The switch sends

another packet to the RADIUS servers again if it sends a packet to the RADIUS server and does

not receive response for 5 seconds, with the maximum number of retries of 5. And the switch sends