Displaying And Debugging 802.1X; Configuration Example - 3Com 4200G 12-Port Configuration Manual

162 C 21: 802.1
HAPTER
Displaying and
Debugging 802.1x
Configuration
Example
802.1x Configuration
Example
C
X ONFIGURATION
Supplicant systems that are not authenticated, fail to pass the authentication, or are
offline belong to Guest VLANs.
You can verify the 802.1x-related configuration by executing the display command
in any view.
You can clear 802.1x-related statistics information by executing the reset command
in user view.
Table 128 Display and debug 802.1x
Operation
Display the configuration, session, and statistics
information about 802.1x.
Clear 802.1x-related statistics information
Network requirements
Authenticate users on all ports to control their accesses to the Internet. The switch
■
operates in MAC address-based access control mode. The access control mode is
MAC-address-based.
All supplicant systems that pass the authentication belong to the default domain
■
named aabbcc.net. The domain can accommodate up to 30 users. As for
authentication, a supplicant system is authenticated locally if the RADIUS server
fails. And as for accounting, a supplicant system is disconnected by force if the
RADIUS server fails. The name of an authenticated supplicant system is not
suffixed with the domain name. A connection is terminated if the total size of the
data passes through it during a period of 20 minutes is less than 2,000 bytes. All
connected clients belong to the same default domain: aabbcc.net, which
accommodates up to 30 clients. Authentication is performed either on the RADIUS
server, or locally (in case that the RADIUS server fails to respond). A client is
disconnected in one of the following two situations: RADIUS accounting fails; the
connected user has not included the domain name in the username, and there is a
continuous below 2000 bytes of traffic for over 20 minutes.
The switch is connected to a server comprising of two RADIUS servers whose IP
■
addresses are 10.11.1.1 and 10.11.1.2. The RADIUS server with an IP address of
10.11.1.1 operates as the primary authentication server and the secondary
accounting server. The other operates as the secondary authentication server and
primary accounting server. The password for the switch and the authentication
RADIUS servers to exchange message is name. And the password for the switch
and the accounting RADIUS servers to exchange message is money. The switch
sends another packet to the RADIUS servers again if it sends a packet to the
RADIUS server and does not receive response for 5 seconds with a maximum
number of retries of 5. And the switch sends a real-time accounting packet to the
RADIUS servers once in every 15 minutes. A user name is sent to the RADIUS
servers with the domain name truncated. Connected to the switch is a server
group comprised of two RADIUS servers whose IP addresses are 10.11.1.1 and
10.11.1.2 respectively, with the former being the primary authentication and the
secondary counting server, and the latter the secondary authentication and the
primary counting server. Configure the interaction password between the switch
Command
display dot1x [ sessions | statistics ] [
interface interface-list ]
reset dot1x statistics [ interface
interface-list ]