220
C
17: 802.1
HAPTER
X
802.1x Implementation
on an Switch 4210
Family
n
C
ONFIGURATION
Re-authentication timer (reauth-period): The switch will initiate 802.1x
■
re-authentication at the interval set by the re-authentication timer.
RADIUS server timer (server-timeout). This timer sets the server-timeout
■
period. After sending an authentication request packet to the RADIUS server,
the switch sends another authentication request packet if it does not receive
the response from the RADIUS server when this timer times out.
Supplicant system timer (supp-timeout). This timer sets the supp-timeout
■
period and is triggered by the switch after the switch sends a request/challenge
packet to a supplicant system. The switch sends another request/challenge
packet to the supplicant system if the switch does not receive the response
from the supplicant system when this timer times out.
Transmission timer (tx-period). This timer sets the tx-period and is triggered by
■
the switch in two cases. The first case is when the client requests for
authentication. The switch sends a unicast request/identity packet to a
supplicant system and then triggers the transmission timer. The switch sends
another request/identity packet to the supplicant system if it does not receive
the reply packet from the supplicant system when this timer times out. The
second case is when the switch authenticates the 802.1x client who cannot
request for authentication actively. The switch sends multicast request/identity
packets periodically through the port enabled with 802.1x function. In this
case, this timer sets the interval to send the multicast request/identity packets.
Client version request timer (ver-period). This timer sets the version period and
■
is triggered after a switch sends a version request packet. The switch sends
another version request packet if it does receive version response packets from
the supplicant system when the timer expires.
In addition to the earlier mentioned 802.1x features, the Switch 4210 is also
capable of the following:
Checking supplicant systems for proxies, multiple network adapters, and so on
■
(This function needs the cooperation of a CAMS server.)
Checking client version
■
The Guest VLAN function
■
3Com's CAMS Server is a service management system used to manage networks
and to secure networks and user information. With the cooperation of other
networking devices (such as switches) in the network, a CAMS server can
implement the AAA functions and rights management.
Checking the supplicant system
The Switch 4210 checks:
Supplicant systems logging on through proxies
■
Supplicant systems logging on through IE proxies
■
Whether or not a supplicant system logs in through more than one network
■
adapters (that is, whether or not more than one network adapters are active in
a supplicant system when the supplicant system logs in).
In response to any of the three cases, a switch can optionally take the following
measures: