1-16
z 802.1x configurations take effect only after you enable 802.1x both globally and for
specified ports.
z The settings of 802.1x and MAC address learning limit are mutually exclusive.
Enabling 802.1x on a port will prevent you from setting the limit on MAC address
learning on the port and vice versa.
z The settings of 802.1x and aggregation group member are mutually exclusive.
Enabling 802.1x on a port will prevent you from adding the port to an aggregation group
and vice versa.
z When a device operates as an authentication server, its authentication method for
802.1x users cannot be configured as EAP.
z With the support of the H3C proprietary client, handshake packets are used to test
whether or not a user is online.
z As clients that are not of H3C do not support the online user handshaking function,
switches cannot receive handshake acknowledgement packets from them in
handshaking periods. To prevent users being falsely considered offline, you need to
disable the online user handshaking function in this case.
z The handshake packet protection function requires the cooperation of the client and
the authentication server. If either of the two ends does not support the function, you
need to disable it on the other one.
Timer and Maximum User Number Configuration
Follow these steps to configure 802.1x timers and the maximum number of users:
To do… Use the command... Remarks
Enter system view
system-view
—
In system
view
dot1x max-user
user-number [ interface
interface-list ]
interface interface-type
interface-number
dot1x max-user
user-number
Set the
maximum
number of
concurrent
on-line
users for
specified
ports
In port
view
quit
Optional
By default, a port can
accommodate up to 256
users at a time.
Set the maximum retry
times to send request
packets
dot1x retry max-retry-value
Optional
By default, the maximum
retry times to send a request
packet is 2. That is, the
authenticator system sends
a request packet to a
supplicant system for up to
two times by default.
To Next Page
Loading...
