3Com 4210G Series

To Next Page

To Previous Page

2-13

To do… Use the command… Remarks

Set the port

access control

mode for

specified or all

ports

dot1x port-control

{ authorized-force | auto |

unauthorized-force }

[ interface interface-list ]

Optional

auto by default

Set the port

access control

method for

specified or all

ports

dot1x port-method

{ macbased | portbased }

[ interface interface-list ]

Optional

macbased by default

Set the port

access control

parameters

Set the

maximum

number of

users for

specified or all

ports

dot1x max-user user-number

[ interface interface-list ]

Optional

256 by default

Set the maximum number of

attempts to send an

authentication request to a

client

dot1x retry max-retry-value

Optional

2 by default

Set timers

dot1x timer

{ handshake-period

handshake-period-value |

quiet-period

quiet-period-value |

reauth-period

reauth-period-value |

server-timeout

server-timeout-value |

supp-timeout

supp-timeout-value | tx-period

tx-period-value }

Optional

The defaults are as follows:

15 seconds for the handshake

timer,

60 seconds for the quiet timer,

3600 seconds for the periodic

re-authentication timer,

100 seconds for the server

timeout timer,

30 seconds for the client

timeout timer, and

30 seconds for the username

request timeout timer.

Enable the quiet timer

dot1x quiet-period

Optional

Disabled by default

Note that:

z For 802.1X to take effect on a port, you must enable it both globally in system view and for the port

in system view or Ethernet interface view.

z You can also enable 802.1X and set port access control parameters (that is, the port access

control mode, port access method, and the maximum number of users) for a port in Ethernet

interface view. For detailed configuration, refer to

Configuring 802.1X for a Port. The only

difference between configuring 802.1X globally and configuring 802.1X for a port lies in the

applicable scope. If both a global setting and a local setting exist for an argument of a port, the last

configured one is in effect.

z 802.1X timers only need to be changed in special or extreme network environments. For example,

you can give the client timeout timer a higher value in a low-performance network, give the quiet

timer a higher value in a vulnerable network or a lower value for quicker authentication response,

or adjust the server timeout timer to suit the performance of the authentication server.

Main Page

3Com 4210G Series - Page 556

Table of Contents

Other manuals for 3Com 4210G Series

Related product manuals