1-19
To do... Use the command... Remarks
Enter system view
system-view
—
In system view
dot1x re-authenticate
[ interface interface-list ]
Enable 802.1x
re-authentication
on port(s)
In port view
dot1x re-authenticate
Required
By default, 802.1x
re-authentication is
disabled on a port.
Note:
z To enable 802.1x re-authentication on a port, you must first enable 802.1x globally and on the port.
z When re-authenticating a user, a switch goes through the complete authentication process. It
transmits the username and password of the user to the server. The server may authenticate the
username and password, or, however, use re-authentication for only accounting and user
connection status checking and therefore does not authenticate the username and password any
more.
z An authentication server running CAMS authenticates the username and password during
re-authentication of a user in the EAP authentication mode but does not in PAP or CHAP
authentication mode.
Configuring the 802.1x Re-Authentication Timer
After 802.1x re-authentication is enabled on the switch, the switch determines the re-authentication
interval in one of the following two ways:
z The switch uses the value of the Session-timeout attribute field of the Access-Accept packet sent by the
RADIUS server as the re-authentication interval.
z The switch uses the value configured with the dot1x timer reauth-period command as the
re-authentication interval for access users.
Note the following:
During re-authentication, the switch always uses the latest re-authentication interval configured, no
matter which of the above-mentioned two ways is used to determine the re-authentication interval. For
example, if you configure a re-authentication interval on the switch and the switch receives an
Access-Accept packet whose Termination-Action attribute field is 1, the switch will ultimately use the
value of the Session-timeout attribute field as the re-authentication interval.
The following introduces how to configure the 802.1x re-authentication timer on the switch.
Follow these steps to configure the re-authentication interval:
To do... Use the command... Remarks
Enter system view
system-view
—
Configure a re-authentication
interval
dot1x timer reauth-period
reauth-period-value
Optional
By default, the
re-authentication interval is
3,600 seconds.
To Next Page
Loading...
