Follow these steps to configure the re-authentication interval:

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Enter system view | system-view | - |
| Configure a re-authentication interval | dot1x timer reauth-period reauth-period-value | Optional. By default, the re-authentication interval is 3,600 seconds. |

Displaying and Maintaining 802.1x

| To do… | Use the command… | Remarks |
| --- | --- | --- |
| Display the configuration, session, and statistics information about 802.1x | display dot1x [ sessions \| statistics ] [ interface interface-list ] | Available in any view. |
| Clear 802.1x-related statistics information | reset dot1x statistics [ interface interface-list ] | Available in user view. |

Configuration Example

802.1x Configuration Example

Network requirements

As shown in Figure 1-12:

- Authenticate users on all ports to control their access to the Internet. The device (Switch) operates in MAC-based access control mode.

- All supplicant systems that pass the authentication belong to the default domain named “aabbcc.net”. The domain can accommodate up to 30 users. For authentication, a supplicant system is authenticated locally if the RADIUS server fails. For accounting, a supplicant system is forcibly disconnected if the RADIUS server fails. The name of an authenticated supplicant system is not suffixed with the domain name. A connection is terminated if the total size of the data passing through it during a 20-minute period is less than 2,000 bytes.

- The device is connected to a server group comprising two RADIUS servers whose IP addresses are 10.11.1.1 and 10.11.1.2. The RADIUS server with the IP address 10.11.1.1 operates as the primary authentication server and the secondary accounting server. The other operates as the secondary authentication server and the primary accounting server. The password that the device and the authentication RADIUS servers use to exchange messages is “name”. The password that the device and the accounting RADIUS servers use to exchange messages is “money”. If the device sends a packet to a RADIUS server and receives no response within 5 seconds, it sends the packet again, with a maximum of 5 retries. The device sends a real-time accounting packet to the RADIUS servers once every 15 minutes. A user name is sent to the RADIUS servers with the domain name truncated.

- The user name and password for local 802.1x authentication are “localuser” and “localpass” (in plain text) respectively. The idle disconnecting function is enabled.
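The following Python model is an added example, not taken from the 3Com manual or the switch software: it applies the requirements above literally to show which server handles a login and what happens when servers stop answering. The names `admit`, `Decision` and `RADIUS_DB`, the sample user, and the reading of the retry limit as five 5-second attempts per silent server are assumptions.

```python
from dataclasses import dataclass

# Values taken from the network requirements above.
AUTH_SERVERS = ["10.11.1.1", "10.11.1.2"]  # primary, secondary authentication
ACCT_SERVERS = ["10.11.1.2", "10.11.1.1"]  # primary, secondary accounting
TIMEOUT_S, MAX_TRIES = 5, 5    # assumption: 5 attempts of 5 s per silent server
MAX_USERS = 30                 # capacity of the domain aabbcc.net
LOCAL_USERS = {"localuser": "localpass"}   # local 802.1x account

@dataclass
class Decision:
    admitted: bool
    auth_via: str   # server IP, "local" or "none"
    reason: str
    waited_s: int   # worst-case time spent on unanswered requests

def strip_domain(user):
    """User names go to RADIUS with the domain name truncated."""
    return user.partition("@")[0]

def first_reachable(servers, reachable):
    """Return (server, seconds lost), trying primary first, then secondary."""
    waited = 0
    for ip in servers:
        if ip in reachable:
            return ip, waited
        waited += TIMEOUT_S * MAX_TRIES
    return None, waited

def admit(user, password, reachable, radius_db, online_count):
    """Literal reading of the requirements; not the switch's implementation."""
    if online_count >= MAX_USERS:
        return Decision(False, "none", "domain user limit reached", 0)
    name = strip_domain(user)
    auth_ip, waited = first_reachable(AUTH_SERVERS, reachable)
    if auth_ip is not None:
        ok, via = radius_db.get(name) == password, auth_ip
    else:   # both RADIUS servers silent: fall back to local authentication
        ok, via = LOCAL_USERS.get(name) == password, "local"
    if not ok:
        return Decision(False, via, "authentication rejected", waited)
    acct_ip, acct_wait = first_reachable(ACCT_SERVERS, reachable)
    waited += acct_wait
    if acct_ip is None:   # accounting failure forces a disconnect
        return Decision(False, via, "accounting failed, user disconnected", waited)
    return Decision(True, via, "accounting on " + acct_ip, waited)

# Constructed sample data (not from the manual): one RADIUS account.
RADIUS_DB = {"alice": "s3cret"}
```

Under this reading, a user who passes local authentication while both RADIUS servers are silent is still disconnected, because accounting has no local fallback in the stated requirements.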

3Com WX3000 operation manual Displaying and Maintaining, 802.1x Configuration Example