76
Enabling the periodic online user reauthentication
feature
Periodic online user reauthentication tracks the connection status of online users, and updates the
authorization attributes assigned by the server. The reauthentication interval is user configurable.
The periodic online user reauthentication timer can also be set by the authentication server in the
session-timeout attribute. The server-assigned timer overrides the timer setting on the access device, and
enables periodic online user reauthentication, even if the feature is not configured. Support for the server
assignment of reauthentication timer and the reauthentication timer configuration on the server vary with
servers.
To enable the periodic online user reauthentication feature:
Ste
Command
Remarks
1. Enter system view.
system-view N/A
2. (Optional.) Set the periodic
reauthentication timer.
dot1x timer reauth-period
reauth-period-value
The default is 3600 seconds.
3. Enter Layer 2 Ethernet
interface view.
interface interface-type
interface-number
N/A
4. Enable periodic online user
reauthentication.
dot1x re-authenticate By default, the feature is disabled.
Displaying and maintaining 802.1X
Execute the display commands in any view and reset commands in user view.
Task Command
Display 802.1X session information, statistics,
or configuration information of specified or all
ports.
display dot1x [ sessions | statistics ] [ interface interface-type
interface-number ]
Clear 802.1X statistics.
reset dot1x statistics [ interface interface-type
interface-number ]
802.1X authentication configuration example
Network requirements
As shown in Figure 31, the access device performs 802.1X authentication for users that connect to port
Ten-GigabitEthernet 1/0/1. Implement MAC-based access control on the port, so the logoff of one user
does not affect other online 802.1X users.
Use RADIUS servers to perform authentication, authorization, and accounting for the 802.1X users. If
RADIUS authentication fails, perform local authentication on the access device.