During re-authentication, the switch always uses the latest re-authentication interval configured, no
matter which of the above-mentioned two ways is used to determine the re-authentication interval. For
example, if you configure a re-authentication interval on the switch and the switch receives an
Access-Accept packet whose Termination-Action attribute field is 1, the switch will ultimately use the
value of the Session-timeout attribute field as the re-authentication interval.
The following introduces how to configure the 802.1x re-authentication timer on the switch.
Follow these steps to configure the re-authentication interval:
To do...
Use the command...
Remarks
Enter system view
system-view
—
Configure a re-authentication
interval
dot1x
timer reauth-period
reauth-period-value
Optional
By default, the
re-authentication interval is
3,600 seconds.
Displaying and Maintaining 802.1x Configuration
To do...
Use the command...
Remarks
Display the configuration,
session, and statistics
information about 802.1x
display dot1x
[
sessions
|
statistics
] [
interface
interface-list
]
Available in any view
Clear 802.1x-related statistics
information
reset dot1x statistics
[
interface interface-list
]
Available in user view
Configuration Example
802.1x Configuration Example
Network requirements
z
Authenticate users on all ports to control their accesses to the Internet. The switch operates in
MAC-based access control mode.
z
All supplicant systems that pass the authentication belong to the default domain named
“aabbcc.net”. The domain can accommodate up to 30 users. As for authentication, a supplicant
system is authenticated locally if the RADIUS server fails. And as for accounting, a supplicant
system is disconnected by force if the RADIUS server fails. The name of an authenticated
supplicant system is not suffixed with the domain name. A connection is terminated if the total size
of the data passes through it during a period of 20 minutes is less than 2,000 bytes.
z
The switch is connected to a server comprising of two RADIUS servers whose IP addresses are
10.11.1.1 and 10.11.1.2. The RADIUS server with an IP address of 10.11.1.1 operates as the
primary authentication server and the secondary accounting server. The other operates as the
secondary authentication server and primary accounting server. The password for the switch and
the authentication RADIUS servers to exchange message is “name”. And the password for the
switch and the accounting RADIUS servers to exchange message is “money”. The switch sends
another packet to the RADIUS servers again if it sends a packet to the RADIUS server and does
not receive response for 5 seconds, with the maximum number of retries of 5. And the switch sends
28-19