Table of Contents
Advertisement
Raisecom
ISCOM2600G-HI (A) Series Configuration Guide
10.7.2 Preparing for configruations
Scenario
To realize access authentication on LAN users and ensure access user security, you need to
configure 802.1x authentication on the ISCOM2600G-HI series switch.
If users are authenticated, they are allowed to access network resources. Otherwise, they
cannot access network resources. By performing authentication control on user access
interface, you can manage the users.
Prerequisite
If RADIUS authentication server is used, you need to perform following operations before
configuring 802.1x authentication:
10.7.3 Default configurations of 802.1x
Default configurations of 802.1x are as below.
Global 802.1x
Interface 802.1x
Global authentication mode
Interface access control mode
Reauth-period: re-authorization t timer. After the period is exceeded, the ISCOM2600G-
HI series switch re-initiates authorization.
Quiet-period: quiet timer. When user authorization fails, the ISCOM2600G-HI series
switch needs to keep quiet for a period. After the period is exceeded, the ISCOM2600G-
HI series switch re-initiates authorization. During the quiet time, the ISCOM2600G-HI
series switch does not process authorization packets.
Tx-period: transmission timeout timer. When the ISCOM2600G-HI series switch sends a
Request/Identity packet to users, the ISCOM2600G-HI series switch will initiate the
timer. If users do not send an authorization response packet during the tx-period, the
ISCOM2600G-HI series switch will re-send an authorization request packet. The
ISCOM2600G-HI series switch sends this packet three times in total.
Supp-timeout: Supplicant authorization timeout timer. When the ISCOM2600G-HI series
switch sends a Request/Challenge packet to users, the ISCOM2600G-HI series switch
will initiate supp-timeout timer. If users do not send an authorization response packet
during the supp-timeout, the ISCOM2600G-HI series switch will re-send the
Request/Challenge packet. The ISCOM2600G-HI series switch sends this packet twice
in total.
Server-timeout: Authentication server timeout timer. The timer defines the total timeout
period of sessions between authorizer and the RADIUS server. When the configured time
is exceeded, the authenticator will end the session with the RADIUS server and start a
new authorization process.
Configure the IP address of the RADIUS server and the RADIUS shared key.
The ISCOM2600G-HI series switch can ping through the RADIUS server successfully.
Function
Raisecom Proprietary and Confidential
Copyright © Raisecom Technology Co., Ltd.
10 Security
Default value
Disable
Disable
Chap
Auto
433
Advertisement
Table of Contents
