1-18
Configuring 802.1x Re-Authentication
Follow these steps to enable 802.1x re-authentication:
To do… Use the command… Remarks
Enter system view
system-view
—
Enable 802.1x globally
dot1x
Required
By default, 802.1x is disabled
globally.
In system view dot1x [ interface interface-list ]Enable
802.1x for
specified
ports
In port view
dot1x
Required
By default, 802.1x is disabled
on all ports.
In system view
dot1x re-authenticate
[ interface interface-list ]
Enable
802.1x
re-authenticat
ion on port(s)
In port view
dot1x re-authenticate
Required
By default, 802.1x
re-authentication is disabled
on a port.
To enable 802.1x re-authentication on a port, you must first enable 802.1x globally and on the port.
Configuring the 802.1x Re-Authentication Timer
After 802.1x re-authentication is enabled on the device, the device determines the re-authentication
interval in one of the following two ways:
1) The device uses the value of the Session-timeout attribute field of the Access-Accept packet sent
by the RADIUS server as the re-authentication interval.
2) The device uses the value configured with the dot1x timer reauth-period command as the
re-authentication interval for access users.
Note the following:
During re-authentication, the device always uses the latest re-authentication interval configured, no
matter which of the above-mentioned two ways is used to determine the re-authentication interval. For
example, if you configure a re-authentication interval on the device and the device receives an
Access-Accept packet whose Termination-Action attribute field is 1, the device will ultimately use the
value of the Session-timeout attribute field as the re-authentication interval.
The following introduces how to configure the 802.1x re-authentication timer on the device.
