Setting the 802.1x authentication timeout timers, Configuring the online user handshake function – H3C Technologies H3C WX3000E Series Wireless Switches User Manual
Page 132
118
tx-period-value command or the dot1x timer supp-timeout supp-timeout-value command). The network
access device stops retransmitting the request, if it has made the maximum number of request
transmission attempts but still received no response.
To set the maximum number of authentication request attempts:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Set the maximum number of
attempts for sending an
authentication request.
dot1x retry max-retry-value
Optional.
2 by default
Setting the 802.1X authentication timeout timers
The network device uses the following 802.1X authentication timeout timers:
•
Client timeout timer—Starts when the access device sends an EAP-Request/MD5 Challenge packet
to a client. If no response is received when this timer expires, the access device retransmits the
request to the client.
•
Server timeout timer—Starts when the access device sends a RADIUS Access-Request packet to the
authentication server. If no response is received when this timer expires, the access device
retransmits the request to the server.
You can set the client timeout timer to a high value in a low-performance network, and adjust the server
timeout timer to adapt to the performance of different authentication servers. In most cases, the default
settings are sufficient.
To set the 802.1X authentication timeout timers:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Set the client timeout
timer.
dot1x timer supp-timeout
supp-timeout-value
Optional.
The default is 30 seconds.
3.
Set the server timeout
timer.
dot1x timer server-timeout
server-timeout-value
Optional.
The default is 100 seconds.
Configuring the online user handshake function
The online user handshake function checks the connectivity status of online 802.1X users. The network
access device sends handshake messages to online users at the interval specified by the dot1x timer
handshake-period command. If no response is received from an online user after the maximum number
of handshake attempts (set by the dot1x retry command) has been made, the network access device sets
the user in offline state.
If iNode clients are deployed, you can also enable the online handshake security function to check for
802.1X users that use illegal client software to bypass security inspection such as dual network interface
cards (NICs) detection. This function checks the authentication information in client handshake messages.
If a user fails the authentication, the network access device logs the user off.
- H3C WX5500E Series Access Controllers H3C WX3500E Series Access Controllers H3C WX2500E Series Access Controllers H3C WX6000 Series Access Controllers H3C WX5000 Series Access Controllers H3C LSWM1WCM10 Access Controller Module H3C LSUM3WCMD0 Access Controller Module H3C LSUM1WCME0 Access Controller Module H3C LSWM1WCM20 Access Controller Module H3C LSQM1WCMB0 Access Controller Module H3C LSRM1WCM2A1 Access Controller Module H3C LSBM1WCM2A0 Access Controller Module H3C WA3600 Series Access Points H3C WA2600 Series WLAN Access Points H3C S10500 Series Switches H3C S5800 Series Switches H3C S5820X Series Switches H3C S12500 Series Switches H3C S9500E Series Switches H3C MSR 5600 H3C MSR 50 H3C MSR 3600 H3C MSR 30 H3C MSR 2600 H3C MSR 20-2X[40] H3C MSR 20-1X H3C MSR 930 H3C MSR 900 H3C SR8800 H3C SR6600-X H3C SR6600 H3C SecPath F5020 H3C SecPath F5040 H3C VMSG VFW1000