Enabling The Periodic Online User Re-Authentication Function; Configuring An 802.1X Guest Vlan - HP 3600 v2 Series Security Configuration Manual
Hide thumbs
Also See for 3600 v2 Series:
- Command reference manual (510 pages) ,
- Configuration manual (449 pages) ,
- Installation manual (62 pages)
Table of Contents
Advertisement
To do...
Enable the quiet timer
Set the quiet timer
Enabling the periodic online user re-authentication function
Periodic online user re-authentication tracks the connection status of online users and updates the
authorization attributes assigned by the server, such as the ACL, VLAN, and user profile-based QoS. The
re-authentication interval is user configurable.
Follow these steps to enable the periodic online user re-authentication function:
To do...
Enter system view
Set the periodic re-authentication
timer
Enter Ethernet interface view
Enable periodic online user
re-authentication
The periodic online user re-authentication timer can also be set by the authentication server in the
session-timeout attribute. The server-assigned timer overrides the timer setting on the access device, and
enables periodic online user re-authentication, even if the function is not configured. Support for the
server assignment of re-authentication timer and the re-authentication timer configuration on the server
vary with servers.
NOTE:
The VLAN assignment status must be consistent before and after re-authentication. If the authentication
server has assigned a VLAN before re-authentication, it must also assign a VLAN at re-authentication. If
the authentication server has assigned no VLAN before re-authentication, it must not assign one at
re-authentication. Violation of either rule can cause the user to be logged off. The VLANs assigned to an
online user before and after re-authentication can be the same or different.
Configuring an 802.1X guest VLAN
Configuration guidelines
Follow these guidelines when you configure an 802.1X guest VLAN:
You can configure only one 802.1X guest VLAN on a port. The 802.1X guest VLANs on different
•
ports can be different.
Assign different IDs for the voice VLAN, the default VLAN, and the 802.1X guest VLAN on a port,
•
so the port can correctly process incoming VLAN tagged traffic.
Use the command...
dot1x quiet-period
dot1x timer quiet-period
quiet-period-value
Use the command...
system-view
dot1x timer reauth-period
reauth-period-value
interface interface-type
interface-number
dot1x re-authenticate
95
Remarks
Required
Disabled by default.
Optional
The default is 60 seconds.
Remarks
—
Optional
The default is 3600 seconds.
—
Required
Disabled by default
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
