Operation Manual – 802.1x-HABP-MAC Authentication
H3C S3610&S5510 Series Ethernet Switches
Chapter 1 802.1x Configuration
1-15
To do…
Use the command…
Remarks
Set the maximum number
of attempts to send an
authentication request to
a supplicant
dot1x retry
max-retry-value
Optional
2 by default
Set timers
dot1x timer
{
handshake-period
handshake-period-value
|
quiet-period
quiet-period-value
|
server-timeout
server-timeout-value
|
supp-timeout
supp-timeout-value
|
tx-period
tx-period-value
}
Optional
The defaults are as
follows:
15 seconds for the
handshake timer,
60 seconds for the quiet
timer,
100 seconds for the
server timeout timer,
30 seconds for the
supplicant timeout timer,
and
30 seconds for the
username request timeout
timer.
Enable the quiet timer
dot1x quiet-period
Optional
Disabled by default
Enable detection and
control of users logging in
through proxies globally
dot1x supp-proxy-check
{
logoff
|
trap
} [
interface
interface-list
]
Optional
Disabled by default
Note that:
z
For 802.1x to take effect on a port, you must enable it both globally in system view
and for the port in system view or Ethernet interface view.
z
You can also enable 802.1x and set port access control parameters (that is, the
port access control mode, port access method, and the maximum number of users)
for a port in Ethernet interface view. For detailed configuration, refer to
. The only difference between configuring 802.1x globally and
configuring 802.1x for a port lies in the applicable scope. If both a global setting
and a local setting exist for an argument of a port, the last configured one is in
effect.
z
For the 802.1x proxy detection function to take effect on a port, you need to enable
the function both globally in system view and for intended ports in system view or
Ethernet interface view.
z
Generally, it is unnecessary to change 802.1x timers unless in some special or
extreme network environments.