[x]

 > Enabling the periodic online user reauthentication feature

 

 Next

Enabling the periodic online user reauthentication feature

Periodic online user reauthentication tracks the connection status of online users, and updates the authorization attributes assigned by the server. The attributes include the ACL, VLAN, and user profile-based QoS. The reauthentication interval is user configurable.

The server-assigned RADIUS Session-Timeout (attribute 27) and Termination-Action (attribute 29) attributes can affect the periodic online user reauthentication feature. To display the server-assigned Session-Timeout and Termination-Action attributes, use the display dot1x connection command (see Security Command Reference).

Support for the server configuration and assignment of session timeout timer and termination action depends on the server model.

If no server is reachable for 802.1X reauthentication, the device logs off the user or keeps it online, depending on the configuration on the device.

The VLANs assigned to an online user before and after reauthentication can be the same or different.

To enable the periodic online user reauthentication feature:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. (Optional.) Set the periodic reauthentication timer.

dot1x timer reauth-period reauth-period-value

The default is 3600 seconds.

3. Enter Layer 2 Ethernet interface view.

interface interface-type interface-number

N/A

4. Enable periodic online user reauthentication.

dot1x re-authenticate

By default, the feature is disabled.

5. (Optional.) Enable the keep-online feature for 802.1X users.

dot1x re-authenticate server-unreachable keep-online

By default, this feature is disabled, and the device logs off online 802.1X users if no authentication server is reachable for 802.1X reauthentication.

prev

 

up

 next

Configuring the quiet timer 

home

 Configuring an 802.1X guest VLAN

© Copyright 2015, 2017 Hewlett Packard Enterprise Development LP