Operation Manual – 802.1x and System Guard
H3C S3100-52P Ethernet switch
Chapter 1 802.1x Configuration
1-11
response packets after the maximum number of handshake request transmission
attempts is reached.
z
Quiet-period timer (
quiet-period
). This timer sets the quiet-period. When a
supplicant system fails to pass the authentication, the switch quiets for the set
period (set by the quiet-period timer) before it processes another authentication
request re-initiated by the supplicant system. During this quiet period, the switch
does not perform any 802.1x authentication-related actions for the supplicant
system.
z
Re-authentication timer (
reauth-period
). The switch initiates 802.1x
re-authentication at the interval set by the re-authentication timer.
z
RADIUS server timer (
server-timeout
). This timer sets the server-timeout period.
After sending an authentication request packet to the RADIUS server, the switch
sends another authentication request packet if it does not receive the response
from the RADIUS server when this timer times out.
z
Supplicant system timer (
supp-timeout
). This timer sets the supp-timeout period
and is triggered by the switch after the switch sends a request/challenge packet to
a supplicant system. The switch sends another request/challenge packet to the
supplicant system if the switch does not receive the response from the supplicant
system when this timer times out.
z
Transmission timer (
tx-period
). This timer sets the tx-period and is triggered by
the switch in two cases. The first case is when the client requests for
authentication. The switch sends a unicast request/identity packet to a supplicant
system and then triggers the transmission timer. The switch sends another
request/identity packet to the supplicant system if it does not receive the reply
packet from the supplicant system when this timer times out. The second case is
when the switch authenticates the 802.1x client who cannot request for
authentication actively. The switch sends multicast request/identity packets
periodically through the port enabled with 802.1x function. In this case, this timer
sets the interval to send the multicast request/identity packets.
z
Client version request timer (
ver-period
). This timer sets the version period and is
triggered after a switch sends a version request packet. The switch sends another
version request packet if it does receive version response packets from the
supplicant system when the timer expires.
1.1.6 802.1x Implementation on an S3100-52P Switch
In addition to the earlier mentioned 802.1x features, an S3100-52P switch is also
capable of the following:
z
Checking supplicant systems for proxies, multiple network adapters, and so on
(This function needs the cooperation of a CAMS server.)
z
Checking client version
z
The guest VLAN function