Features Working Together With 802.1X - H3C S5120-SI Series Operation Manual
Hide thumbs
Also See for S5120-SI Series:
- Command reference manual (910 pages) ,
- Configuration manual (745 pages) ,
- Installation manual (70 pages)
Table of Contents
Advertisement
Username request timeout timer (tx-period): This timer is triggered by the device in two cases. The
first case is when the client requests for authentication. The device starts this timer when it sends
an EAP-Request/Identity packet to a client. If it receives no response before this timer expires, the
device retransmits the request. The second case is when the device authenticates the 802.1X
client that cannot request for authentication actively. The device sends multicast
EAP-Request/Identity packets periodically through the port enabled with 802.1X function. In this
case, this timer sets the interval between sending the multicast EAP-Request/Identity packets.
Client timeout timer (supp-timeout): Once a device sends an EAP-Request/MD5 Challenge packet
to a client, it starts this timer. If this timer expires but it receives no response from the client, it
retransmits the request.
Server timeout timer (server-timeout): Once a device sends a RADIUS Access-Request packet to
the authentication server, it starts this timer. If this timer expires but it receives no response from
the server, it retransmits the request.
Handshake timer (handshake-period): After a client passes authentication, the device sends to the
client handshake requests at this interval to check whether the client is online. If the device
receives no response after sending the allowed maximum number of handshake requests, it
considers that the client is offline.
Quiet timer (quiet-period): When a client fails the authentication, the device refuses further
authentication requests from the client in this period of time.
Periodic re-authentication timer (reauth-period): If periodic re-authentication is enabled on a port,
the device re-authenticates online users on the port at the interval specified by this timer.
Features Working Together with 802.1X
These features are:
VLAN assignment
Guest VLAN
Auth-Fail VLAN
ACL assignment
Mandatory authentication domain for a specified port
VLAN assignment
After an 802.1X user passes the authentication, the server will send an authorization message to the
device. If the server is configured with the VLAN assignment function, the assigned VLAN information
will be included in the message. The device, depending on the link type of the port used to log in, adds
the port to the assigned VLAN according to the following rules:
If the port link type is Access, the port leaves its initial VLAN, that is, the VLAN configured for it and
joins the assigned VLAN.
If the port link type is Trunk, the assigned VLAN is allowed to pass the current trunk port. The
default VLAN ID of the port is that of the assigned VLAN.
If the port link type is Hybrid, the assigned VLAN is allowed to pass the current port without carrying
the tag. The default VLAN ID of the port is that of the assigned VLAN. Note that if the Hybrid port is
assigned a MAC-based VLAN, the device will dynamically create a MAC-based VLAN according to
the VLAN assigned by the authentication server, and remain the default VLAN ID of the port
unchanged.
1-10
Advertisement
Chapters
Table of Contents
Troubleshooting
