87
Step Command Remarks
2. Enter Ethernet interface view.
interface interface-type
interface-number
N/A
3. Specify a mandatory 802.1X
authentication domain on the
port.
dot1x mandatory-domain
domain-name
By default, no mandatory 802.1X
authentication domain is specified.
Configuring the quiet timer
The quiet timer enables the network access device to wait a period of time before it can process any
authentication request from a client that has failed an 802.1X authentication.
You can set the quiet timer to a high value in a vulnerable network or a low value for quicker
authentication response.
To configure the quiet timer:
Step Command Remarks
1. Enter system view. system-view N/A
2. Enable the quiet timer.
dot1x quiet-period By default, the timer is disabled.
3. Set the quiet timer.
dot1x timer quiet-period
quiet-period-value
Optional.
The default is 60 seconds.
Enabling the periodic online user re-authentication
function
Periodic online user re-authentication tracks the connection status of online users and updates the
authorization attributes assigned by the server, such as the ACL, VLAN, and user profile-based QoS. The
re-authentication interval is user configurable.
Configuration guidelines
• The periodic online user re-authentication timer can also be set by the authentication server in the
session-timeout attribute. The server-assigned timer overrides the timer setting on the access device,
and enables periodic online user re-authentication, even if the function is not configured. Support
for the server assignment of re-authentication timer and the re-authentication timer configuration on
the server vary with servers.
• The VLAN assignment status must be consistent before and after re-authentication. If the
authentication server has assigned a VLAN before re-authentication, it must also assign a VLAN at
re-authentication. If the authentication server has assigned no VLAN before re-authentication, it
must not assign one at re-authentication. Violation of either rule can cause the user to be logged off.
The VLANs assigned to an online user before and after re-authentication can be the same or
different.
To Next Page
Loading...
Need help?
General