S12700 V200R011C10 Configuration Guide - User Access and Authentication

This document describes the working mechanisms, configuration procedures, and configuration examples of User Access and Authentication features, such as AAA, DAA, NAC, PPPoE, Policy Association, and IP session.
(Optional) Configuring Re-authentication for 802.1X Authentication Users

Context

If the administrator modifies user information on the authentication server, parameters such as the user's access permissions and authorization attributes change. A user who has already passed 802.1X authentication must then be re-authenticated to ensure user validity.

After the user goes online, the device saves user authentication information. After re-authentication is enabled for 802.1X authentication users, the device sends the saved authentication information of the online user to the authentication server for re-authentication. If the user's authentication information does not change on the authentication server, the user is kept online. If the authentication information has been changed, the user is forced to go offline, and then re-authenticated according to the changed authentication information.

You can configure re-authentication for 802.1X authentication users using either of the following methods:
  • Re-authenticate all online 802.1X authentication users on a specified interface periodically.
  • Re-authenticate the online 802.1X authentication user with a specified MAC address once.
NOTE:

If periodic 802.1X re-authentication is enabled, a large number of 802.1X authentication logs are generated.

Procedure

  • Configure periodic re-authentication for all online 802.1X authentication users on a specified interface.
    1. Run system-view

      The system view is displayed.

    2. Enable periodic re-authentication for all online 802.1X authentication users on the specified interface in the system or interface view.

      • In the system view:

      1. Run dot1x reauthenticate interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10>

        Periodic 802.1X re-authentication is enabled on the interface.

      • In the interface view:

      1. Run interface interface-type interface-number

        The interface view is displayed.

      2. Run dot1x reauthenticate

        Periodic 802.1X re-authentication is enabled on the interface.

      3. Run quit

        The system view is displayed.

      By default, periodic 802.1X re-authentication is disabled on an interface.

    3. (Optional) Set the re-authentication interval for online 802.1X authentication users in the system or interface view.

      NOTE:

      Generally, the default re-authentication interval is recommended. If many ACL rules need to be delivered during user authorization, you are advised to disable re-authentication or increase the re-authentication interval to improve device processing performance. When remote authentication and authorization are used with a short re-authentication interval, CPU usage may become high.

      • In the system view:

      1. Run the dot1x timer reauthenticate-period reauthenticate-period-value command to set the re-authentication interval for online 802.1X authentication users.

      • In the interface view:

      1. Run the interface interface-type interface-number command to enter the interface view.
      2. Run the dot1x timer reauthenticate-period reauthenticate-period-value command to set the re-authentication interval for online 802.1X authentication users.
      3. Run the quit command to enter the system view.

      By default, the device re-authenticates online 802.1X authentication users at the interval of 3600 seconds.

  • Configure re-authentication for an online 802.1X authentication user with a specified MAC address.
    1. Run system-view

      The system view is displayed.

    2. Run dot1x reauthenticate mac-address mac-address

      Re-authentication is enabled for the online 802.1X authentication user with the specified MAC address.

      By default, re-authentication for the online 802.1X authentication user with a specified MAC address is disabled.
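Because periodic re-authentication is disabled by default, a change made on the authentication server does not reach an already-online user on a port where it was never enabled. The following is an added example, not part of the Huawei guide: a Python check that reads a saved configuration and reports, per 802.1X port, whether dot1x reauthenticate is present and which interval applies. The sample configuration is constructed; the "dot1x enable" lines, the max_stale policy value, and the rule that an interface-view timer overrides the system-view timer are assumptions.

```python
import re

DEFAULT_PERIOD = 3600  # default re-authentication interval stated in this guide (seconds)
TIMER = re.compile(r"dot1x timer reauthenticate-period (\d+)$")

# Constructed sample, not taken from a real device.
SAMPLE_CONFIG = """\
dot1x timer reauthenticate-period 7200
#
interface GigabitEthernet1/0/1
 dot1x enable
 dot1x reauthenticate
#
interface GigabitEthernet1/0/2
 dot1x enable
#
interface GigabitEthernet1/0/3
 dot1x enable
 dot1x reauthenticate
 dot1x timer reauthenticate-period 600
#
interface GigabitEthernet1/0/4
 description uplink
#
"""

def audit(config, max_stale=3600):
    """Map each 802.1X port to (finding, effective interval in seconds)."""
    global_period, ports, current = None, {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1], [])
        elif not raw.startswith(" "):  # "#" separator or system-view command
            current = None
            if (m := TIMER.match(line)):
                global_period = int(m.group(1))
        elif current is not None:
            current.append(line)
    report = {}
    for name, lines in ports.items():
        if not any(l.startswith("dot1x") for l in lines):
            continue  # no 802.1X configuration on this port
        own = [int(m.group(1)) for l in lines if (m := TIMER.match(l))]
        # Assumption: an interface-view timer takes precedence over the system-view one.
        period = own[0] if own else (global_period or DEFAULT_PERIOD)
        if "dot1x reauthenticate" not in lines:
            report[name] = ("no-periodic-reauth", None)
        elif period > max_stale:
            report[name] = ("interval-exceeds-policy", period)
        else:
            report[name] = ("ok", period)
    return report
```

Calling audit(SAMPLE_CONFIG) flags GigabitEthernet1/0/2 as having no periodic re-authentication and GigabitEthernet1/0/1 as inheriting a 7200-second interval that exceeds the assumed 3600-second policy.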

Updated: 2019-10-21

Document ID: EDOC1000178117
