Refer to the AAA Operation Manual for detailed information about the dynamic VLAN delivery function.

Enabling 802.1x re-authentication

802.1x re-authentication is timer-triggered or packet-triggered. It re-authenticates users who have passed authentication. With 802.1x re-authentication enabled, the device can monitor the connection status of users periodically. If the device receives no re-authentication response from a user in a period of time, it tears down the connection to the user. To connect to the device again, the user needs to initiate 802.1x authentication with the client software again.

Figure 1-10 802.1x re-authentication (diagram labels: Internet, Switch, RADIUS Server, PC, PC, PC)

802.1x re-authentication can be enabled in one of the following two ways:

- The RADIUS server triggers the device to perform 802.1x re-authentication of users. The RADIUS server sends the device an Access-Accept packet with the Termination-Action attribute field of 1. Upon receiving the packet, the device re-authenticates users periodically.

- You enable 802.1x re-authentication on the device. With 802.1x re-authentication enabled, the device re-authenticates users periodically.

802.1x re-authentication will fail if an iMC server is used and configured to perform authentication but not accounting. This is because an iMC server establishes a user session only after it begins to perform accounting. Therefore, to enable 802.1x re-authentication, do not configure the accounting none command in the domain. This restriction does not apply to other types of servers.

Introduction to 802.1x Configuration

802.1x provides a solution for authenticating users. To implement this solution, you need to execute 802.1x-related commands. You also need to configure AAA schemes on the device and specify the authentication scheme (RADIUS, HWTACACS or local authentication scheme).

3Com WX3000 operation manual Introduction to 802.1x Configuration, Enabling 802.1x re-authentication