Enabling The Quiet Timer; Enabling The Re-Authentication Function; Configuring A Guest Vlan - H3C S9500E Series Security Configuration Manual

Enabling the quiet timer

After the quiet timer is enabled on the switch, when a client fails 802.1X authentication, the switch
refuses further authentication requests from that client for a period of time. The length of that period
is specified by the quiet timer (using the dot1x timer quiet-period command).
Follow these steps to enable the quiet timer:

| To do... | Use the command... | Remarks |
|---|---|---|
| 1. Enter system view | system-view | - |
| 2. Enable the quiet timer | dot1x quiet-period | Required. Disabled by default. |

Enabling the re-authentication function

If periodic re-authentication is enabled on a port, the switch re-authenticates online users on the
port at the interval specified by the periodic re-authentication timer. This is intended to track the
connection status of online users and update the authorization attributes assigned by the server,
such as the VLAN and QoS Profile, ensuring that the users are in a normal online state.

Follow these steps to enable the periodic re-authentication function:

| To do... | Use the command... | Remarks |
|---|---|---|
| 1. Enter system view | system-view | - |
| 2. Enter Ethernet interface view | interface interface-type interface-number | - |
| 3. Enable periodic re-authentication | dot1x re-authenticate | Required. Disabled by default. |

After an 802.1X user passes authentication, if the authentication server assigns a re-authentication interval
for the user through the session-timeout attribute, the assigned re-authentication interval takes effect
instead of the one specified on the switch. The re-authentication interval assignment varies by server type. For
more information, see the specific authentication server implementation.

VLAN information assigned to the same user before and after re-authentication can be different.
However, if the server assigns VLAN information before re-authentication, it must also assign that information
after re-authentication; if the server assigns no VLAN information before re-authentication, it cannot
assign that information after re-authentication.

Configuring a guest VLAN

If the traffic from a user-side switch carries VLAN tags, and the 802.1X authentication and guest VLAN
functions are configured on the access port, it is recommended that you configure different VLAN IDs for the
default VLAN of the port and the 802.1X guest VLAN. This ensures that both functions work normally.
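
The following is an added example, not taken from the H3C manual: a Python check that reads a saved configuration and reports where the quiet timer or periodic re-authentication is not enabled, or where a port's guest VLAN matches its default VLAN. The sample configuration is constructed; the per-port `dot1x`, `dot1x guest-vlan` and `port ... vlan` lines, the `#` section separators and the VLAN 1 default are assumptions about Comware configuration text, and only `dot1x quiet-period` and `dot1x re-authenticate` come from this page.

```python
import re

# Constructed sample shaped like a Comware configuration dump (assumption).
SAMPLE_CONFIG = """\
 dot1x
#
interface GigabitEthernet2/0/1
 port access vlan 10
 dot1x
 dot1x re-authenticate
 dot1x guest-vlan 20
#
interface GigabitEthernet2/0/2
 port access vlan 10
 dot1x
 dot1x guest-vlan 10
#
"""

PVID_RE = re.compile(r"port (?:access|trunk pvid|hybrid pvid) vlan (\d+)")
GUEST_RE = re.compile(r"dot1x guest-vlan (\d+)")

def first_vlan(lines, regex, default=None):
    """VLAN ID from the first line fully matching regex, else default."""
    hits = (regex.fullmatch(line) for line in lines)
    return next((m.group(1) for m in hits if m), default)

def audit_dot1x(config):
    """Return sorted (scope, finding) tuples for the settings on this page."""
    global_lines, ports, current = [], {}, None
    for line in map(str.strip, config.splitlines()):
        if line in ("", "#"):          # separator ends the interface block
            current = None
        elif line.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1], [])
        else:
            (global_lines if current is None else current).append(line)
    quiet_on = "dot1x quiet-period" in global_lines
    findings = [] if quiet_on else [("global", "quiet timer not enabled")]
    for name, lines in ports.items():
        if "dot1x" not in lines:       # 802.1X not enabled on this port
            continue
        if "dot1x re-authenticate" not in lines:
            findings.append((name, "periodic re-authentication not enabled"))
        guest = first_vlan(lines, GUEST_RE)
        # Assumption: a port with no explicit PVID line uses VLAN 1.
        if guest is not None and guest == first_vlan(lines, PVID_RE, "1"):
            findings.append((name, "guest VLAN equals port default VLAN"))
    return sorted(findings)
```

Calling `audit_dot1x(SAMPLE_CONFIG)` returns the findings as a sorted list, so the result can be compared between configuration backups.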
