65
For 802.1X authentication, if the status of every server is
block
, the device assigns the port
connected to an authentication user to the specified 802.1X critical VLAN. For more information
about the 802.1X critical VLAN, see
Security Configuration Guide
.
To ensure that the device can set the server to its actual status, set a longer quiet timer for the
primary server with the
timer quiet
command. If you set a short quiet timer and configure 802.1X
critical VLAN on a port, the device might frequently change the server status, and the port might
frequently join and leave the critical VLAN.
Examples
# For RADIUS scheme
radius1
, set the IP address of the primary authentication/authorization
server to 10.110.1.1, the UDP port to 1812, and the shared key to
hello
in plain text.
<Sysname> system-view
[Sysname] radius scheme radius1
[Sysname-radius-radius1] primary authentication 10.110.1.1 1812 key hello
# In RADIUS scheme
radius1
, set the username used for status detection of the primary
authentication/authorization server to
test
, and set the server status detection interval to 120
minutes.
<Sysname> system-view
[Sysname] radius scheme radius1
[Sysname-radius-radius1] primary authentication 10.110.1.1 probe username test interval
120
Related commands
•
key
(RADIUS scheme view)
•
vpn-instance
(RADIUS scheme view)
radius client
Use
radius client enable
to enable the RADIUS client service.
Use
undo radius client
to disable the RADIUS client service.
Syntax
radius client enable
undo radius client
Default
The RADIUS client service is enabled.
Views
System view
Default command level
2: System level
Usage guidelines
When the RADIUS client service is disabled, the following events occur:
•
No more stop-accounting requests of online users can be sent out or buffered, and the RADIUS
server can no longer receive logoff requests from online users. After a user goes offline, the
RADIUS server still has the user's record during a certain period of time.
•
The buffered accounting packets cannot be sent out and are deleted from the buffer when the
configured maximum number of attempts is reached, affecting the precision of user accounting.