H3C S3610-28P Operation Manual page 882

Operation Manual – 802.1x-HABP-MAC Authentication
H3C S3610&S5510 Series Ethernet Switches
when an authenticator multicasts an EAP-Request/Identity frame. Once an
authenticator sends an EAP-Request/Identity frame to a supplicant, it starts this
timer. If this timer expires but it receives no response from the supplicant, it
retransmits the request. To cooperate with a supplicant system that does not send
EAPOL-Start
EAP-Request/Identity frames to the supplicant system at an interval defined by
this timer.
Supplicant timeout timer (supp-timeout): Once an authenticator sends an
EAP-Request/MD5 Challenge frame to a supplicant, it starts this timer. If this timer
expires but it receives no response from the supplicant, it retransmits the request.
Server timeout timer (server-timeout): Once an authenticator sends a RADIUS
Access-Request packet to the authentication server, it starts this timer. If this timer
expires but it receives no response from the server, it retransmits the request.
Handshake timer (handshake-period): After a supplicant passes authentication,
the authenticator sends to the supplicant handshake requests at this interval to
check whether the supplicant is online. If the authenticator receives no response
after sending the allowed maximum number of handshake requests, it considers
that the supplicant is offline.
Quiet timer (quiet-period): When a supplicant fails the authentication, the
authenticator refuses further authentication requests from the supplicant in this
period of time.
1.1.7 Implementation of 802.1x in the Devices
The devices extend and optimize the mechanism that the 802.1x protocol specifies by:
Allowing multiple users to access network services through the same physical
port.
Supporting two authentication methods: portbased and macbased. With the
portbased method, after the first user of a port passes authentication, all other
users of the port can access the network without authentication, and when the first
user goes offline, all other users get offline at the same time. With the macbased
method, each user of a port must be authenticated separately, and when an
authenticated user goes offline, no other users are affected.
requests unsolicitedly,
1-11
Chapter 1 802.1x Configuration
the authenticator multicasts