3com 4210 PWR 9-Port 3CR17341-91-ME User Manual
Product codes
3CR17341-91-ME
228
C
HAPTER
17: 802.1
X
C
ONFIGURATION
c
CAUTION:
■
The Guest VLAN function is available only when the switch operates in the
port-based authentication mode.
port-based authentication mode.
■
Only one Guest VLAN can be configured for each switch.
■
The Guest VLAN function cannot be implemented when the switch executes
the dot1x dhcp-launch command to enable DHCP-triggered authentication.
This is because that in that case the switch does not send authentication
packets.
the dot1x dhcp-launch command to enable DHCP-triggered authentication.
This is because that in that case the switch does not send authentication
packets.
Configuring 802.1x
Re-Authentication
n
To enable 802.1x re-authentication on a port, you must first enable 802.1x
globally and on the port.
globally and on the port.
Configuring the 802.1x
Re-Authentication Timer
After 802.1x re-authentication is enabled on the switch, the switch determines the
re-authentication interval in one of the following two ways:
re-authentication interval in one of the following two ways:
1 The switch uses the value of the Session-timeout attribute field of the
Access-Accept packet sent by the RADIUS server as the re-authentication interval.
2 The switch uses the value configured with the dot1x timer reauth-period
command as the re-authentication interval for access users.
Note the following:
During re-authentication, the switch always uses the latest re-authentication
interval configured, no matter which of the above-mentioned two ways is used to
determine the re-authentication interval. For example, if you configure a
re-authentication interval on the switch and the switch receives an Access-Accept
packet whose Termination-Action attribute field is 1, the switch will ultimately use
the value of the Session-timeout attribute field as the re-authentication interval.
interval configured, no matter which of the above-mentioned two ways is used to
determine the re-authentication interval. For example, if you configure a
re-authentication interval on the switch and the switch receives an Access-Accept
packet whose Termination-Action attribute field is 1, the switch will ultimately use
the value of the Session-timeout attribute field as the re-authentication interval.
The following introduces how to configure the 802.1x re-authentication timer on
the switch.
the switch.
Table 168 Enable 802.1x re-authentication
Operation
Command
Remarks
Enter system view
system-view
-
Enable
802.1x
re-authentic
ation on
port(s)
802.1x
re-authentic
ation on
port(s)
In system
view
view
dot1x re-authenticate [
interface interface-list ]
interface interface-list ]
Required
By default, 802.1x
re-authentication is disabled on
a port.
re-authentication is disabled on
a port.
In port view dot1x re-authenticate
Table 169 Configure the re-authentication interval
Operation
Command
Remarks
Enter system view
system-view
-
Configure a
re-authentication interval
re-authentication interval
dot1x timer reauth-period
reauth-period-value
reauth-period-value
Optional
By default, the
re-authentication interval is
3,600 seconds.
re-authentication interval is
3,600 seconds.