3com 5500-SI Manual Do Utilizador
426
C
HAPTER
21: 802.1
X
C
ONFIGURATION
By default, the keys of RADIUS authentication/authorization and accounting packets
are all “3com”.
are all “3com”.
Tag VLAN Assignment
on Trunk/Hybrid Port
Supported by 802.1x
Authentication
Currently, the 802.1x authentication module supports Tag VLAN assignment only on
Access port. But some applications (for example, this kind of connection: switch—IP
phone—PC) needs 802.1x authentication on Trunk/Hybrid port. For this reason, a
new feature, Tag VLAN assignment on Trunk/Hybrid port, is designed.
Access port. But some applications (for example, this kind of connection: switch—IP
phone—PC) needs 802.1x authentication on Trunk/Hybrid port. For this reason, a
new feature, Tag VLAN assignment on Trunk/Hybrid port, is designed.
■
After a MAC address authentication succeeds, the address information is
synchronously assigned in the whole fabric.
synchronously assigned in the whole fabric.
■
When a user logs off, the system restores the original VLAN information on the
Trunk/Hybrid port and synchronously deletes the corresponding address
information from the whole fabric.
Trunk/Hybrid port and synchronously deletes the corresponding address
information from the whole fabric.
Identifier Authentication
Method Attribute in
RADIUS
The purpose of adding identifier authentication method attribute into RADIUS
authentication packets is to distinguish different access modes, such as Portal,
802.1x, and PPPoE. For the non-3Com client block function, you can limit its
operation range to only 802.1x authentication, that is, allow the function to take
effect only when the identifier authentication method attribute is 802.1x.
authentication packets is to distinguish different access modes, such as Portal,
802.1x, and PPPoE. For the non-3Com client block function, you can limit its
operation range to only 802.1x authentication, that is, allow the function to take
effect only when the identifier authentication method attribute is 802.1x.
The adding of identifier authentication method attribute into an RADIUS
authentication packet is to fill the Framed Protocol attribute in the RADIUS
authentication request packet based on the access mode of the user.
authentication packet is to fill the Framed Protocol attribute in the RADIUS
authentication request packet based on the access mode of the user.
Setting Retransmission
Times of RADIUS
Request Packet
Since RADIUS protocol uses UDP packets to carry the data, the communication
process is not reliable. If the RADIUS server has not responded to NAS before timeout,
NAS has to retransmit the RADIUS request packet. If it transmits more than the
specified
process is not reliable. If the RADIUS server has not responded to NAS before timeout,
NAS has to retransmit the RADIUS request packet. If it transmits more than the
specified
retry-times
, NAS considers the communication with the primary and
secondary RADIUS servers has been disconnected.
You can use the following command to set the retransmission times of the RADIUS
request packet.
request packet.
Perform the following configurations in RADIUS Scheme View.
Table 459 Setting Retransmission Times of RADIUS Request Packet
By default, RADIUS request packet will be retransmitted up to three times.
Setting the Supported
Type of the RADIUS
Server
The Switch 5500 supports the standard RADIUS protocol and the extended RADIUS
service platforms.
service platforms.
You can use the following command to set the supported types of RADIUS servers.
Perform the following configurations in RADIUS Scheme View.
Perform the following configurations in RADIUS Scheme View.
Table 460 Setting the Supported Type of the RADIUS Server
Operation
Command
Set retransmission times of RADIUS request packet
retry
retry_times
Restore the default value of retransmission times
undo retry
Operation
Command
Setting the Supported Type of RADIUS Server
server-type { 3com | standard
}
}
Restore the RADIUS server type to the default setting
undo server_type