3com WX3000 Benutzerhandbuch
1-19
Follow these steps to configure the re-authentication interval:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Configure a re-authentication
interval
interval
dot1x timer reauth-period
reauth-period-value
reauth-period-value
Optional
By default, the
re-authentication interval is
3,600 seconds.
re-authentication interval is
3,600 seconds.
Displaying and Maintaining 802.1x
To do…
Use the command…
Remarks
Display the configuration,
session, and statistics
information about 802.1x
session, and statistics
information about 802.1x
display dot1x [ sessions |
statistics ] [ interface
interface-list ]
statistics ] [ interface
interface-list ]
Available in any view.
Clear 802.1x-related statistics
information
information
reset dot1x statistics
[ interface interface-list ]
[ interface interface-list ]
Available in user view.
Configuration Example
802.1x Configuration Example
Network requirements
As shown in
z
Authenticate users on all ports to control their accesses to the Internet. The device (Switch)
operates in MAC-based access control mode.
z
All supplicant systems that pass the authentication belong to the default domain named
“aabbcc.net”. The domain can accommodate up to 30 users. As for authentication, a supplicant
system is authenticated locally if the RADIUS server fails. And as for accounting, a supplicant
system is disconnected by force if the RADIUS server fails. The name of an authenticated
supplicant system is not suffixed with the domain name. A connection is terminated if the total size
of the data passes through it during a period of 20 minutes is less than 2,000 bytes.
z
The device is connected to a server comprising of two RADIUS servers whose IP addresses are
10.11.1.1 and 10.11.1.2. The RADIUS server with an IP address of 10.11.1.1 operates as the
primary authentication server and the secondary accounting server. The other operates as the
secondary authentication server and primary accounting server. The password for the device and
the authentication RADIUS servers to exchange message is “name”. And the password for the
device and the accounting RADIUS servers to exchange message is “money”. The device sends
another packet to the RADIUS servers again if it sends a packet to the RADIUS server and does
not receive response for 5 seconds, with the maximum number of retries of 5. And the device
sends a real-time accounting packet to the RADIUS servers once in every 15 minutes. A user
name is sent to the RADIUS servers with the domain name truncated.
z
The user name and password for local 802.1x authentication are “localuser” and “localpass” (in
plain text) respectively. The idle disconnecting function is enabled.