Configuring 802.1X reauthentication

Restrictions and guidelines

The device selects a periodic reauthentication timer for 802.1X reauthentication in the following order:

  1. Server-assigned reauthentication timer.

  2. Port-specific reauthentication timer.

  3. Global reauthentication timer.

  4. Default reauthentication timer.

When you perform a manual reauthentication, the device reauthenticates all online 802.1X users on the port, regardless of any server-assigned reauthentication attribute and of whether the periodic reauthentication feature is enabled on the port.

Any modification to the mandatory authentication domain or EAP message handling method setting does not affect the reauthentication of online 802.1X users. The modified setting takes effect only on 802.1X users that come online after the modification.

Procedure

  1. Enter system view.

    system-view

  2. Set the periodic reauthentication timer.

    • Set a global periodic reauthentication timer.

      dot1x timer reauth-period reauth-period-value

      The default setting is 3600 seconds.

    • Execute the following commands in sequence to set a port-specific periodic reauthentication timer:

      interface interface-type interface-number

      dot1x timer reauth-period reauth-period-value

      quit

      By default, no periodic reauthentication timer is set on a port. The port uses the global 802.1X periodic reauthentication timer.

  3. Enter interface view.

    interface interface-type interface-number

  4. Enable periodic online user reauthentication.

    dot1x re-authenticate

    By default, the feature is disabled.

  5. (Optional.) Manually reauthenticate all online 802.1X users on the port.

    dot1x re-authenticate manual

  6. (Optional.) Enable the keep-online feature for 802.1X users.

    dot1x re-authenticate server-unreachable keep-online

    By default, this feature is disabled. The device logs off online 802.1X users if no authentication server is reachable for 802.1X reauthentication.

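    Decide whether to use the keep-online feature based on the actual network conditions. With the feature enabled, online 802.1X users are not logged off when no authentication server is reachable for reauthentication. In a fast-recovery network, you can use the keep-online feature to prevent 802.1X users from coming online and going offline frequently.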
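
The following audit script is an added example, not part of the original documentation. It applies the timer selection order and the defaults described above to a command sequence and reports, per port, the effective periodic reauthentication timer and whether keep-online is set. The interface names, timer values, and the assumption that `quit` ends each interface view are constructed for illustration.

```python
import re

DEFAULT_PERIOD = 3600  # default global timer stated on this page, in seconds
TIMER = re.compile(r"dot1x timer reauth-period (\d+)$")
KEEP_ONLINE = "dot1x re-authenticate server-unreachable keep-online"

# Constructed sample: the page's commands as they might be typed (values invented).
SAMPLE = """\
system-view
dot1x timer reauth-period 7200
interface GigabitEthernet1/0/1
dot1x timer reauth-period 1800
dot1x re-authenticate
quit
interface GigabitEthernet1/0/2
dot1x re-authenticate
dot1x re-authenticate server-unreachable keep-online
quit
interface GigabitEthernet1/0/3
dot1x timer reauth-period 900
quit
"""

def effective_period(server=None, port=None, global_=None):
    """Documented selection order: server-assigned, port, global, default."""
    for value in (server, port, global_):
        if value is not None:
            return value
    return DEFAULT_PERIOD

def audit(text):
    """Map each interface to its configured periodic-reauth behaviour."""
    global_timer, ports, cur = None, {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("interface "):
            cur = ports.setdefault(line.split(None, 1)[1],
                                   {"timer": None, "periodic": False, "keep_online": False})
        elif line == "quit":
            cur = None
        elif m := TIMER.match(line):
            if cur is None:
                global_timer = int(m.group(1))   # system view: global timer
            else:
                cur["timer"] = int(m.group(1))   # interface view: port timer
        elif cur is not None and line == "dot1x re-authenticate":
            cur["periodic"] = True
        elif cur is not None and line == KEEP_ONLINE:
            cur["keep_online"] = True
    # period is None when "dot1x re-authenticate" was never entered on the port
    return {name: {"period": effective_period(port=p["timer"], global_=global_timer)
                             if p["periodic"] else None,
                   "keep_online": p["keep_online"]}
            for name, p in ports.items()}
```

In the sample, GigabitEthernet1/0/3 has a port timer but no `dot1x re-authenticate`, so the script reports no configured periodic reauthentication for it; a server-assigned timer is not visible in the configuration and is modeled only as the `server` argument of `effective_period`.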