37
Usage guidelines
IMPORTANT:
This command takes effect only when the device uses an IMC RADIUS server to authenticate
802.1X users.
To ensure that the RADIUS server maintains the same online 802.1X user information as the device
after the server state changes from unreachable to reachable, use this feature.
This feature synchronizes online 802.1X user information between the device and the RADIUS
server when the RADIUS server state is detected having changed from unreachable to reachable.
When synchronizing online 802.1X user information on a port with the RADIUS server, the device
initiates 802.1X authentication in turn for each authenticated online 802.1X user to the RADIUS
server.
If synchronization fails for an online user, the device logs off that user unless the failure occurs
because the server has become unreachable again.
The amount of time required to complete online user synchronization increases as the number of
online users grows. This might result in an increased delay for new 802.1X users and users in the
critical VLAN to authenticate or reauthenticate to the RADIUS server and come online.
To have this feature take effect, you must use it in conjunction with the RADIUS server status
detection feature, which is configurable with the
radius-server test-profile
command.
When you configure this feature, make sure the detection interval is shorter than the RADIUS server
quiet timer configured by using the
timer quiet
command in RADIUS scheme view. The server
state changes to active on expiration of the quiet timer regardless of its actual reachability. Setting a
shorter detection interval than the quiet timer prevents the RADIUS server status detection feature
from falsely reporting the server reachability.
For more information about the RADIUS server status detection feature, see AAA configuration in
Security Configuration Guide
.
Examples
# Enable 802.1X online user synchronization on GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] dot1x server-recovery online-user-sync
Related commands
display dot1x
radius-server test-profile
timer quiet
(RADIUS scheme view)
dot1x timer
Use
dot1x
timer
to set an 802.1X timer.
Use
undo dot1x
timer
to restore the default of an 802.1X timer.
Syntax
dot1x timer
{
ead-timeout
ead-timeout-value
|
handshake-period
handshake-period-value
|
quiet-period quiet-period-value
|
reauth-period
reauth-period-value
|
server-timeout
server-timeout-value
|
supp-timeout
supp-timeout-value
|
tx-period
tx-period-value
|
user-aging
{
auth-fail-vlan
|
critical-vlan
|
guest-vlan
}
aging-time-value
}
Summary of Contents for SOHO IE4300
Page 285: ...i Contents Tcl commands 1 cli 1 tclquit 1 tclsh 2...
Page 288: ...i Contents Python commands 1 exit 1 python 1 python filename 2...
Page 291: ...i Contents Automatic configuration commands 1 autodeploy udisk enable 1...
Page 323: ...25 Sysname Ten GigabitEthernet1 0 51 undo shutdown Related commands irf port...
Page 465: ...ii stp vlan enable 55 vlan mapping modulo 55...
Page 602: ...12 Related commands display mvrp statistics...
Page 609: ...i Contents VLAN mapping commands 1 display vlan mapping 1 vlan mapping 2...
Page 678: ...9 Related commands reset pppoe relay statistics...
Page 846: ...i Contents Basic IP forwarding commands 1 display fib 1 ip forwarding table save 2...
Page 1770: ...i Contents Time range commands 1 display time range 1 time range 1...
Page 2026: ...34 Related commands display mac authentication...
Page 2028: ...ii...
Page 2143: ...i Contents User profile commands 1 display user profile 1 user profile 2...
Page 2308: ...61 ipsec transform set...
Page 2531: ...i Contents SAVI commands 1 ipv6 savi down delay 1 ipv6 savi log enable 1 ipv6 savi strict 2...
Page 2534: ...3 Sysname ipv6 savi strict Related commands ipv6 verify source...
Page 2791: ...14 Sysname track 1 Related commands delay display track...
Page 2939: ...9 sntp authentication keyid sntp reliable authentication keyid...
Page 2967: ...27 Related commands apply poe profile poe enable poe max power interface view poe priority...