1-20
During re-authentication, the switch always uses the latest re-authentication interval configured, no
matter which of the above-mentioned two ways is used to determine the re-authentication interval. For
example, if you configure a re-authentication interval on the switch and the switch receives an
Access-Accept packet whose Termination-Action attribute field is 1, the switch will ultimately use the
value of the Session-timeout attribute field as the re-authentication interval.
The following introduces how to configure the 802.1x re-authentication timer on the switch.
Table 1-9 Configure the re-authentication interval
Operation Command Remarks
Enter system view
system-view
—
Configure a re-authentication
interval
dot1x timer reauth-period
reauth-period-value
Optional
By default, the
re-authentication interval is
3,600 seconds.
Displaying and Debugging 802.1x
After performing the above configurations, you can display and verify the 802.1x-related configuration
by executing the display command in any view.
You can clear 802.1x-related statistics information by executing the reset command in user view.
Table 1-10 Display and debug 802.1x
Operation Command Remarks
Display the configuration,
session, and statistics
information about 802.1x
display dot1x [ sessions |
statistics ] [ interface
interface-list ]
This command can be
executed in any view.
Clear 802.1x-related statistics
information
reset dot1x statistics
[ interface interface-list ]
Execute this command in user
view.
Configuration Example
802.1x Configuration Example
Network requirements
z Authenticate users on all ports to control their accesses to the Internet. The switch operates in
MAC address-based access control mode.
z All supplicant systems that pass the authentication belong to the default domain named
“aabbcc.net”. The domain can accommodate up to 30 users. As for authentication, a supplicant
system is authenticated locally if the RADIUS server fails. And as for accounting, a supplicant
system is disconnected by force if the RADIUS server fails. The name of an authenticated
supplicant system is not suffixed with the domain name. A connection is terminated if the total size
of the data passes through it during a period of 20 minutes is less than 2,000 bytes.
To Next Page
Loading...