Operation Manual – 802.1x and System Guard
H3C S5600 Series Ethernet Switches
Chapter 1 802.1x Configuration
1-23
Caution:
z
The guest VLAN function is available only when the switch operates in the
port-based authentication mode.
z
Only one guest VLAN can be configured for each switch.
z
The guest VLAN function cannot be implemented if you configure the
dot1x
dhcp-launch
command on the switch to enable DHCP-triggered authentication.
This is because the switch does not send authentication packets in that case.
1.4.5 Configuring 802.1x Re-Authentication
Follow these steps to enable 802.1x re-authentication:
To do...
Use the command...
Remarks
Enter system view
system-view
—
In system
view
dot1x re-authenticate
[
interface interface-list
]
Enable 802.1x
re-authenticati
on on port(s)
In port view
dot1x re-authenticate
Required
By default, 802.1x
re-authentication is
disabled on a port.
Note:
z
To enable 802.1x re-authentication on a port, you must first enable 802.1x globally
and on the port.
z
When re-authenticating a user, a switch goes through the complete authentication
process. It transmits the username and password of the user to the server. The
server may authenticate the username and password, or, however, use
re-authentication for only accounting and user connection status checking and
therefore does not authenticate the username and password any more.
z
An authentication server running CAMS authenticates the username and password
during re-authentication of a user in the EAP authentication mode but does not in
PAP or CHAP authentication mode.
1.4.6 Configuring the 802.1x Re-Authentication Timer
After 802.1x re-authentication is enabled on the switch, the switch determines the
re-authentication interval in one of the following two ways: