3Com 4210 9-Port - Advanced 802.1 X Configuration; Specifying a Mandatory Authentication Domain for a Port

To Next Page

To Previous Page

1-15

Operation Command Remarks

Set 802.1x timers

dot1x timer

{ handshake-period

handshake-period-value |

quiet-period

quiet-period-value |

server-timeout

server-timeout-value |

supp-timeout

supp-timeout-value |

tx-period tx-period-value |

ver-period ver-period-value }

Optional

The settings of 802.1x timers are as

follows.

z handshake-period-value: 15 seconds

z quiet-period-value: 60 seconds

z server-timeout-value: 100 seconds

z supp-timeout-value: 30 seconds

z tx-period-value: 30 seconds

z ver-period-value: 30 seconds

Enable the quiet-period

timer

dot1x quiet-period

Optional

By default, the quiet-period timer is

disabled.

z As for the dot1x max-user command, if you execute it in system view without specifying the

interface-list argument, the command applies to all ports. You can also use this command in port

view. In this case, this command applies to the current port only and the interface-list argument is

not needed.

z As for the configuration of 802.1x timers, the default values are recommended.

Advanced 802.1x Configuration

Advanced 802.1x configurations, as listed below, are all optional.

z Specifying a Mandatory Authentication Domain for a Port

z Configuration concerning CAMS, including multiple network adapters detecting, proxy detecting,

and so on.

z Client version checking configuration

z DHCP–triggered authentication

z Guest VLAN configuration

z 802.1x re-authentication configuration

z Configuration of the 802.1x re-authentication timer

You need to configure basic 802.1x functions before configuring the above 802.1x features.

Specifying a Mandatory Authentication Domain for a Port

By specifying a mandatory authentication domain for a port, you can implement a security control policy

for 802.1X users. That is, the system uses the mandatory authentication domain for authentication,

authorization, and accounting of all 802.1X users on the port, thus to prevent those users from using

other accounts to access the network.

Meanwhile, for EAP relay mode 802.1X authentication that uses certificates, the certificate of a user

determines the authentication domain of the user. However, you can specify different mandatory

authentication domains for different ports even if the user certificates are from the same certificate

Main Page

3Com 4210 9-Port - Advanced 802.1 X Configuration; Specifying a Mandatory Authentication Domain for a Port

Table of Contents

Related product manuals