228 CHAPTER 17: 802.1X CONFIGURATION
c
CAUTION:
■ The Guest VLAN function is available only when the switch operates in the
port-based authentication mode.
■ Only one Guest VLAN can be configured for each switch.
■ The Guest VLAN function cannot be implemented when the switch executes
the dot1x dhcp-launch command to enable DHCP-triggered authentication.
This is because that in that case the switch does not send authentication
packets.
Configuring 802.1x
Re-Authentication
n
To enable 802.1x re-authentication on a port, you must first enable 802.1x
globally and on the port.
Configuring the 802.1x
Re-Authentication Timer
After 802.1x re-authentication is enabled on the switch, the switch determines the
re-authentication interval in one of the following two ways:
1 The switch uses the value of the Session-timeout attribute field of the
Access-Accept packet sent by the RADIUS server as the re-authentication interval.
2 The switch uses the value configured with the dot1x timer reauth-period
command as the re-authentication interval for access users.
Note the following:
During re-authentication, the switch always uses the latest re-authentication
interval configured, no matter which of the above-mentioned two ways is used to
determine the re-authentication interval. For example, if you configure a
re-authentication interval on the switch and the switch receives an Access-Accept
packet whose Termination-Action attribute field is 1, the switch will ultimately use
the value of the Session-timeout attribute field as the re-authentication interval.
The following introduces how to configure the 802.1x re-authentication timer on
the switch.
Tabl e 168 Enable 802.1x re-authentication
Operation Command Remarks
Enter system view system-view -
Enable
802.1x
re-authentic
ation on
port(s)
In system
view
dot1x re-authenticate [
interface interface-list ]
Required
By default, 802.1x
re-authentication is disabled on
a port.
In port view dot1x re-authenticate
Tabl e 169 Configure the re-authentication interval
Operation Command Remarks
Enter system view system-view -
Configure a
re-authentication interval
dot1x timer reauth-period
reauth-period-value
Optional
By default, the
re-authentication interval is
3,600 seconds.
To Next Page
Loading...
