3Com WX3000 Displaying and Maintaining 802.1x , Configuration Example

1-19

Follow these steps to configure the re-authentication interval:

To do… Use the command… Remarks

Enter system view system-view —

Configure a re-authentication

interval dot1x timer reauth-period

reauth-period-value

Optional

By default, the

re-authentication interval is

3,600 seconds.

Displaying and Maintaining 802.1x

To do… Use the command… Remarks

Display the configuration,

session, and statistics

information about 802.1x

display dot1x [ sessions |

statistics ] [ interface

interface-list ] Available in any view.

Clear 802.1x-related statistics

information reset dot1x statistics

[ interface interface-list ] Available in user view.

Configuration Example

Network requirements

As shown in Figure 1-12:

z Authenticate users on all ports to control their accesses to the Internet. The device (Switch)

operates in MAC-based access control mode.

z All supplicant systems that pass the authentication belong to the default domain named

“aabbcc.net”. The domain can accommodate up to 30 users. As for authentication, a supplicant

system is authenticated locally if the RADIUS server fails. And as for accounting, a supplicant

system is disconnected by force if the RADIUS server fails. The name of an authenticated

supplicant system is not suffixed with the domain name. A connection is terminated if the total size

of the data passes through it during a period of 20 minutes is less than 2,000 bytes.

z The device is connected to a server comprising of two RADIUS servers whose IP addresses are

10.11.1.1 and 10.11.1.2. The RADIUS server with an IP address of 10.11.1.1 operates as the

primary authentication server and the secondary accounting server. The other operates as the

secondary authentication server and primary accounting server. The password for the device and

the authentication RADIUS servers to exchange message is “name”. And the password for the

device and the accounting RADIUS servers to exchange message is “money”. The device sends

another packet to the RADIUS servers again if it sends a packet to the RADIUS server and does

not receive response for 5 seconds, with the maximum number of retries of 5. And the device

sends a real-time accounting packet to the RADIUS servers once in every 15 minutes. A user

name is sent to the RADIUS servers with the domain name truncated.

z The user name and password for local 802.1x authentication are “localuser” and “localpass” (in

plain text) respectively. The idle disconnecting function is enabled.