1-13
Figure 1-10 802.1x re-authentication
PC
Internet
PC PC
RADIUS
Server
Switch
802.1x re-authentication can be enabled in one of the following two ways:
z The RADIUS server triggers the switch to perform 802.1x re-authentication of users. The RADIUS
server sends the switch an Access-Accept packet with the Termination-Action attribute field of 1.
Upon receiving the packet, the switch re-authenticates users periodically.
z You enable 802.1x re-authentication on the switch. With 802.1x re-authentication enabled, the
switch re-authenticates users periodically.
802.1x re-authentication will fail if a CAMS server is used and configured to perform authentication but
not accounting. This is because a CAMS server establishes a user session after it begins to perform
accounting. Therefore, to enable 802.1x re-authentication, do not configure the accounting none
command in the domain. This restriction does not apply to other types of servers.
Introduction to 802.1x Configuration
802.1x provides a solution for authenticating users. To implement this solution, you need to execute
802.1x-related commands. You also need to configure AAA schemes on switches and specify the
authentication scheme (RADIUS or local authentication scheme).
Figure 1-11 802.1x configuration
To Next Page
Loading...
