HandShake
Specify whether to enable the online user handshake function.
The online user handshake function checks the connectivity status of online
802.1X users. The network access device sends handshake messages to online
users at the interval specified by the Handshake Period setting. If no response is
received from an online user after the maximum number of handshake attempts
(set by the Retry Times setting) has been made, the network access device sets the
user to the offline state. For information about the timers, see Table 121.
IMPORTANT:
If the network has 802.1X clients that cannot exchange handshake packets with
the network access device, disable the online user handshake function to prevent
their connections from being inappropriately torn down.
Enable Re-authentication
Specify whether to enable periodic online user re-authentication on the port.
Periodic online user re-authentication tracks the connection status of online users
and updates the authorization attributes assigned by the server, such as the ACL
and VLAN. The re-authentication interval is specified by the Re-Authentication
Period setting in Table 121.
Guest VLAN
Specify an existing VLAN as the guest VLAN. For more information, see
"Configuring an 802.1X guest VLAN."
Configuring an 802.1X guest VLAN
1. Configuration guidelines
• You can configure only one 802.1X guest VLAN on a port. The 802.1X guest VLANs on different
ports can be different.
• Assign different IDs for the voice VLAN, default VLAN, and 802.1X guest VLAN on a port, so the
port can correctly process incoming VLAN tagged traffic.
• With 802.1X authentication, a hybrid port is always assigned to a VLAN as an untagged member.
After the assignment, do not re-configure the port as a tagged member in the VLAN.
2. Configuration prerequisites
• Create the VLAN to be specified as the 802.1X guest VLAN.
• On the 802.1X-enabled port that performs port-based access control, enable 802.1X multicast
trigger at the command line interface. (802.1X multicast trigger is enabled by default.)
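A pre-deployment check that applies the guidelines and prerequisites above to a planned port configuration. This is an added example, not code from the original guide or the vendor; the PortPlan fields, the VLAN IDs and the port names in the sample are constructed assumptions.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Set

@dataclass
class PortPlan:
    """Intended settings for one 802.1X port (field names are hypothetical)."""
    name: str
    access_method: str                    # "portbased" or "macbased"
    default_vlan: int
    guest_vlan: Optional[int] = None      # a single field: one guest VLAN per port
    voice_vlan: Optional[int] = None
    multicast_trigger: bool = True        # enabled by default, per the guide
    tagged_vlans: Set[int] = field(default_factory=set)

def check_guest_vlan(port: PortPlan, existing_vlans: Set[int]) -> List[str]:
    """Return the guideline and prerequisite violations for one port."""
    problems: List[str] = []
    guest = port.guest_vlan
    if guest is None:
        return problems                   # no guest VLAN planned, nothing to check
    if guest not in existing_vlans:
        problems.append(f"{port.name}: guest VLAN {guest} does not exist yet")
    # The voice, default and guest VLAN IDs must all differ on a port.
    roles = {"default": port.default_vlan, "voice": port.voice_vlan, "guest": guest}
    seen = {}
    for role, vid in roles.items():
        if vid is None:
            continue
        if vid in seen:
            problems.append(f"{port.name}: {seen[vid]} and {role} VLAN share ID {vid}")
        seen[vid] = role
    if port.access_method == "portbased" and not port.multicast_trigger:
        problems.append(f"{port.name}: multicast trigger is disabled on a port-based port")
    if guest in port.tagged_vlans:
        problems.append(f"{port.name}: port is a tagged member of guest VLAN {guest}")
    return problems

# Constructed sample plan; the VLAN IDs and port names are made up for illustration.
EXISTING_VLANS = {1, 10, 20}
PLAN = [
    PortPlan("GigabitEthernet1/0/1", "portbased", default_vlan=1, guest_vlan=10, voice_vlan=20),
    PortPlan("GigabitEthernet1/0/2", "portbased", default_vlan=1, guest_vlan=30,
             voice_vlan=30, multicast_trigger=False, tagged_vlans={30}),
]

def audit(plan=PLAN, vlans=EXISTING_VLANS) -> List[str]:
    return [msg for port in plan for msg in check_guest_vlan(port, vlans)]

if __name__ == "__main__":
    print("\n".join(audit()) or "plan follows the guest VLAN guidelines")
```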
Configuration examples
802.1X configuration example
Network requirements
• As shown in Figure 290, perform 802.1X authentication on port GigabitEthernet 1/0/1 to control
user access to the Internet. Configure MAC-based access control on the port, and enable periodic
re-authentication of online users on the port so that the server can periodically update the
users' authorization information.
• All users belong to the default domain test. RADIUS authentication is performed. If RADIUS
accounting fails, the switch takes the corresponding user offline. The RADIUS servers run iMC.