88
• If no critical VLAN is configured, RADIUS server unreachable can cause an online user being
re-authenticated to be logged off. If a critical VLAN is configured, the user remains online and in the
original VLAN.
Configuration procedure
To enable the periodic online user re-authentication function:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Set the periodic
re-authentication timer.
dot1x timer reauth-period
reauth-period-value
Optional.
The default is 3600 seconds.
3. Enter Ethernet interface view.
interface interface-type
interface-number
N/A
4. Enable periodic online user
re-authentication.
dot1x re-authenticate By default, the function is disabled.
Configuring a port to send EAPOL frames untagged
EAPOL frames exchanged between the 802.1X client and the network access device must not contain
VLAN tags. If any 802.1X user attached to a port is assigned a tagged VLAN, you must enable the port
to send EAPOL frames untagged to 802.1X clients.
To configure a port to send EAPOL packets untagged to 802.1X clients:
Step Command Remarks
1. Enter system view. system-view N/A
2. Enter Layer 2 Ethernet
interface view.
interface interface-type
interface-number
N/A
3. Configure the port to send
802.1X EAPOL frames
untagged.
dot1x eapol untag
By default, whether the port sends
EAPOL packets with a VLAN tag
depends on the VLAN settings on
the port.
Setting the maximum number of 802.1X
authentication attempts for MAC authentication
users
If both MAC authentication and 802.1X authentication are enabled on a port, the device allows an
authenticated MAC authentication user to initiate an 802.1X authentication. If the user passes 802.1X
authentication, the user goes online as an 802.1X user. If the user fails 802.1X authentication, the user
can retry authentication until the maximum number of authentication attempts is reached.
To Next Page
Loading...
