3com WX3000 Manuel D’Utilisation

 

1-11 

Refer to AAA Operation Manual for detailed information about the dynamic VLAN delivery function. 

802.1x re-authentication is timer-triggered or packet-triggered. It re-authenticates users who have 

passed authentication. With 802.1x re-authentication enabled, the device can monitor the connection 

status of users periodically. If the device receives no re-authentication response from a user in a period 

of time, it tears down the connection to the user. To connect to the device again, the user needs to 

initiate 802.1x authentication with the client software again.  

Figure 1-10 802.1x re-authentication 

PC

Internet

PC

PC

RADIUS 

Server

Switch

 

 

802.1x re-authentication can be enabled in one of the following two ways: 

z 

The RADIUS server triggers the device to perform 802.1x re-authentication of users. The RADIUS 

server sends the device an Access-Accept packet with the Termination-Action attribute field of 1. 

Upon receiving the packet, the device re-authenticates users periodically.  

z 

You enable 802.1x re-authentication on the device. With 802.1x re-authentication enabled, the 

device re-authenticates users periodically.  

 

802.1x re-authentication will fail if a iMC server is used and configured to perform authentication but not 

accounting. This is because a iMC server establishes a user session after it begins to perform 

accounting. Therefore, to enable 802.1x re-authentication, do not configure the accounting none 

command in the domain. This restriction does not apply to other types of servers.  

 

802.1x provides a solution for authenticating users. To implement this solution, you need to execute 

802.1x-related commands. You also need to configure AAA schemes on the device and specify the 

authentication scheme (RADIUS, HWTACACS or local authentication scheme).