802.1x Implementation on the Switch 7750
■ Supplicant system timer (supp-timeout): This timer sets the supp-timeout period and is triggered by the switch after the switch sends a request/challenge packet to a supplicant system. The switch sends another request/challenge packet to the supplicant system if the supplicant system fails to respond when this timer times out.
■ RADIUS server timer (server-timeout): This timer sets the server-timeout period. The switch sends another authentication request packet if the RADIUS server fails to respond when this timer times out.
■ Handshake timer (handshake-period): This timer sets the handshake-period and is triggered after a supplicant system passes the authentication. It sets the interval at which a switch sends handshake request packets to online users. If you set the number of retries to N by using the dot1x retry command, an online user is considered offline when the switch does not receive response packets from it within a period of N times the handshake-period.
■ Re-authentication timer (reauth-period): Within this timer period, a supplicant system initializes 802.1x re-authentication.
■ Quiet-period timer (quiet-period): This timer sets the quiet-period. When a supplicant system fails to pass the authentication, the switch quiets for the set period (set by the quiet-period timer) before it processes another 802.1x-related authentication request initiated by the supplicant system.
■ ver-period: This timer sets the client version request timer. If the supplicant system does not send the version response packets within the set period, the switch sends another version request packet.
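The following Python model is an added illustration, not code from the switch or its documentation. It shows how the quiet-period throttles repeated authentication attempts from a supplicant that has just failed, and when the handshake timer marks an online user as offline. The function names, MAC addresses, timer values and boundary handling are assumptions made for the example.

```python
# Added illustration, not vendor code. Timer values and MAC addresses are
# constructed; boundary handling (<, >) is an assumption of this model.

def apply_quiet_period(attempts, quiet_period):
    """attempts: time-ordered (time_s, mac, outcome) tuples, where outcome is
    what authentication would return ('accept' or 'reject') if processed.
    Returns one decision per attempt, honouring a per-supplicant quiet period."""
    quiet_until = {}          # mac -> time at which the switch listens again
    decisions = []
    for t, mac, outcome in attempts:
        if t < quiet_until.get(mac, 0):
            decisions.append((t, mac, "ignored"))      # still in quiet-period
            continue
        decisions.append((t, mac, outcome))
        if outcome == "reject":
            quiet_until[mac] = t + quiet_period        # failure starts the timer
    return decisions


def offline_time(auth_time, response_times, handshake_period, retries):
    """Time at which an online user is considered offline: no handshake
    response received for retries * handshake_period seconds."""
    window = retries * handshake_period
    last_seen = auth_time
    for r in sorted(response_times):
        if r - last_seen > window:     # user was already declared offline
            break
        last_seen = r
    return last_seen + window


if __name__ == "__main__":
    sample = [  # constructed attempts
        (0, "00e0-fc00-0001", "reject"),
        (5, "00e0-fc00-0002", "accept"),
        (10, "00e0-fc00-0001", "accept"),
        (60, "00e0-fc00-0001", "accept"),
    ]
    for row in apply_quiet_period(sample, quiet_period=60):
        print(row)
    print(offline_time(0, [15, 30, 45, 100], handshake_period=15, retries=2))
```

A longer quiet-period slows repeated credential guessing from one supplicant, while a smaller N or handshake-period shortens the time a silently disconnected port stays authorized.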
In addition to the earlier mentioned 802.1x features, a Switch 7750 is also capable
of the following:
■ Cooperating with a CAMS server to perform proxy detection, such as detecting login through proxy and multiple network adapters
■ Checking client version
■ Implementing the Guest VLAN function
Proxy detection
A Switch 7750 implements 802.1x proxy detection to check:
■ Supplicant systems logging on through proxies
■ Supplicant systems logging on through IE proxies
■ Whether or not a supplicant system logs in through more than one network module (that is, whether or not more than one network adapter is active in a supplicant system when the supplicant system logs in).
In response to any of the three cases, a switch can optionally take the following
measures:
■ Disconnect the supplicant system and send Trap packets (achieved via the dot1x supp-proxy-check logoff command).
■ Send Trap packets without disconnecting the supplicant system (achieved via the dot1x supp-proxy-check trap command).
This function needs the support of 802.1x clients and CAMS: