Implementation On An S7500 Series Switch - H3C S7500 Series Operation Manual

Operation Manual – 802.1x
H3C S7500 Series Ethernet Switches
multicast request/identity packets continuously through the port with 802.1x
enabled at the interval of tx-period value.
Supplicant system timer (supp-timeout): This timer sets the supp-timeout period
and is triggered by the switch after the switch sends a request/challenge packet to
a supplicant system. The switch will send another request/challenge packet to the
supplicant system if it has not received any response from the supplicant system
when this timer times out.
RADIUS server timer (server-timeout): This timer sets the server-timeout period.
The switch will resend the authentication request packet if the RADIUS server
does not respond when this timer times out.
Handshake timer (handshake-period): This timer sets the handshake-period and
is triggered after a supplicant system passes the authentication. The switch will
resend the handshake request packet to online users at this interval to check their
state. If you set the number of retries to N by using the dot1x retry command, an
online user is considered offline when the switch has not received response
packets from it in N retries.
Re-authentication timer (reauth-period): Within this timer period, the switch will
initialize 802.1x re-authentication.
Quiet-period timer (quiet-period): This timer sets the quiet-period. When a
supplicant system fails to pass the authentication, the switch quiets for a period of
time (set by the quiet-period timer) before it processes another authentication
request initiated by the supplicant system.
ver-period: This timer sets the client version request timer. The authenticator
system will resend the client version checking request packet if the supplicant
system has not responded when this timer times out.
1.1.6 802.1x Implementation on an S7500 Series Switch
In addition to the previously mentioned 802.1x features, an S7500 series switch is also
capable of:
Cooperating with a CAMS server to perform proxy detection, such as detecting
login through proxy server and multiple network interface cards;
Checking client version;
Implementing the Guest VLAN function.
I. Proxy detection
An S7500 series switch implements 802.1x proxy detection to check:
A supplicant system logging in through the proxy server;
A supplicant system logging in through the IE proxy server;
A supplicant system logging in through multiple network interface cards (that is,
more than one network adapter are active in a supplicant system when it logs in).
1-10
Chapter 1 802.1x Configuration