1-14
z 802.1x configurations take effect only after you enable 802.1x both globally and for specified ports.
z If you enable 802.1x for a port, you cannot set the maximum number of MAC addresses that can be
learnt for the port. Meanwhile, if you set the maximum number of MAC addresses that can be learnt
for a port, it is prohibited to enable 802.1x for the port.
z If you enable 802.1x for a port, it is not available to add the port to an aggregation group.
Meanwhile, if a port has been added to an aggregation group, it is prohibited to enable 802.1x for
the port.
z Changing the access control method on a port by the dot1x port-method command will forcibly
log out the online 802.1x users on the port.
z When a device operates as an authentication server, its authentication method for 802.1x users
cannot be configured as EAP.
z Handshaking packets need the support of the 3Com-proprietary client. They are used to test
whether or not a user is online.
z As clients that are not of 3Com do not support the online user handshaking function, switches
cannot receive handshaking acknowledgement packets from them in handshaking periods. To
prevent users being falsely considered offline, you need to disable the online user handshaking
function in this case.
z For the handshaking packet secure function to take effect, the clients that enable the function need
to cooperate with the authentication server. If either the clients or the authentication server does
not support the function, disabling the handshaking packet secure function is needed.
Timer and Maximum User Number Configuration
Table 1-2 Configure 802.1x timers and the maximum number of users
Operation Command Remarks
Enter system view
system-view
—
In
system
view
dot1x max-user user-number
[ interface interface-list ]
interface interface-type
interface-number
dot1x max-user user-number
Set the
maximum
number of
concurrent
on-line
users for
specified
ports
In port
view
quit
Optional
By default, a port can accommodate up
to 256 users at a time.
Set the maximum retry
times to send request
packets
dot1x retry max-retry-value
Optional
By default, the maximum retry times to
send a request packet is 2. That is, the
authenticator system sends a request
packet to a supplicant system for up to
two times by default.
To Next Page
Loading...