1-17
Operation
Command
Remarks
Set 802.1x timers
dot1x timer
{
handshake-period
handshake-period-value
|
quiet-period
quiet-period-value
|
server-timeout
server-timeout-value
|
supp-timeout
supp-timeout-value
|
tx-period tx-period-value
|
ver-period ver-period-value
}
Optional
The settings of 802.1x timers are as
follows.
z
handshake-period-value:
15 seconds
z
quiet-period-value:
60 seconds
z
server-timeout-value:
100 seconds
z
supp-timeout-value:
30 seconds
z
tx-period-value:
30 seconds
z
ver-period-value:
30 seconds
Enable the quiet-period
timer
dot1x quiet-period
Optional
By default, the quiet-period timer is
disabled.
z
As for the
dot1x max-user
command, if you execute it in system view without specifying the
interface-list
argument, the command applies to all ports. You can also use this command in port
view. In this case, this command applies to the current port only and the
interface-list
argument is
not needed.
z
As for the configuration of 802.1x timers, the default values are recommended.
Advanced 802.1x Configuration
Advanced 802.1x configurations, as listed below, are all optional.
z
Specifying a Mandatory Authentication Domain for a Port
z
Configuration concerning CAMS, including multiple network adapters detecting, proxy detecting,
and so on.
z
Client version checking configuration
z
DHCP–triggered authentication
z
Configuration of Unicast trigger for 802.1X Authentication
z
Guest VLAN configuration
z
Configuration of Auth-Fail VLAN for 802.1X Authentication
z
802.1x re-authentication configuration
z
Configuration of the 802.1x re-authentication timer
You need to configure basic 802.1x functions before configuring the above 802.1x features.
Specifying a Mandatory Authentication Domain for a Port
By specifying a mandatory authentication domain for a port, you can implement a security control policy
for 802.1X users. That is, the system uses the mandatory authentication domain for authentication,
authorization, and accounting of all 802.1X users on the port, thus to prevent those users from using
other accounts to access the network.
Meanwhile, for EAP relay mode 802.1X authentication that uses certificates, the certificate of a user
determines the authentication domain of the user. However, you can specify different mandatory
Содержание S3100 Series
Страница 12: ...10 You can e mail your comments about product documentation to info h3c com We appreciate your comments...
Страница 74: ...7 7 Sysname ip http acl 2030...
Страница 270: ...1 51 Sysname GigabitEthernet1 0 1 port trunk permit vlan all...
Страница 287: ...1 14 the interface on which the packet actually arrived The RPF check succeeds and the packet is forwarded...
Страница 579: ...ii Configuration Example 2 4 QoS Profile Configuration Example 2 4...
Страница 713: ...1 22 Total associations 1...
Страница 823: ...1 16...
Страница 1054: ...i Table of Contents Appendix A Acronyms A 1...