Configuring 802.1x re-authentication, Configuring the 802.1x re-authentication timer – H3C Technologies H3C WX3000 Series Unified Switches User Manual
Page 235
23-18
Configuring 802.1x Re-Authentication
Follow these steps to enable 802.1x re-authentication:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enable 802.1x globally
dot1x
Required
By default, 802.1x is disabled
globally.
In system view
dot1x
[ interface interface-list ]
Enable 802.1x
for specified
ports
In port view
dot1x
Required
By default, 802.1x is disabled on
all ports.
In system view
dot1x re-authenticate
[ interface
interface-list
]
Enable 802.1x
re-authenticatio
n on port(s)
In port view
dot1x re-authenticate
Required
By default, 802.1x
re-authentication is disabled on a
port.
To enable 802.1x re-authentication on a port, you must first enable 802.1x globally and on the port.
Configuring the 802.1x Re-Authentication Timer
After 802.1x re-authentication is enabled on the device, the device determines the re-authentication
interval in one of the following two ways:
1) The device uses the value of the Session-timeout attribute field of the Access-Accept packet sent
by the RADIUS server as the re-authentication interval.
2) The device uses the value configured with the dot1x timer reauth-period command as the
re-authentication interval for access users.
Note the following:
During re-authentication, the device always uses the latest re-authentication interval configured, no
matter which of the above-mentioned two ways is used to determine the re-authentication interval. For
example, if you configure a re-authentication interval on the device and the device receives an
Access-Accept packet whose Termination-Action attribute field is 1, the device will ultimately use the
value of the Session-timeout attribute field as the re-authentication interval.
The following introduces how to configure the 802.1x re-authentication timer on the device.
Follow these steps to configure the re-authentication interval:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Configure a re-authentication
interval
dot1x
timer reauth-period
reauth-period-value
Optional
By default, the re-authentication interval
is 3,600 seconds.