212 CHAPTER 9: AAA AND RADIUS OPERATION
By default, authentication will not be launched when the user runs DHCP and
applies for dynamic IP addresses.
Configuring the Authentication Method for 802.1x Users
The following commands can be used to configure the authentication method for
802.1x users. Three kinds methods of authentication are available:
■ PAP — the RADIUS server must support this method
■ CHAP — the RADIUS server must support this method
■ EAP relay — the switch sends authentication information to the RADIUS server
in the form of EAP packets, directly, so that the RADIUS server never supports
EAP authentication
Perform the following configurations in system view.
Setting the Maximum Retransmission Times
The following commands are used for setting the maximum
authenticator-to-supplicant frame-retransmission times.
Perform the following configurations in system view.
By default, the max-retry-value is 3. That is, the switch can retransmit the
authentication request frame to a supplicant 3 times at most.
Configuring Timers
The following commands are used for configuring the 802.1x timers.
Perform the following configurations in system view.
Table 224 Configure the Authentication Method for 802.1x Users
Operation Command
Configure the authentication method for
802.1x users
dot1x authentication-method {
chap | pap | eap md5-challenge }
Restore the default authentication method for
802.1x users
undo dot1x authentication-method
Table 225 Set the Maximum Retransmission Times
Operation Command
Set the maximum retransmission times dot1x retry max-retry-value
Restore the default maximum retransmission
times
undo dot1x retry
Table 226 Configure Timers
Operation Command
Configure timers dot1x timer {quiet-period
quiet-period-value | tx-period
tx-period-value | supp-time-out
supp-timeout-value |
server-timeout
server-timeout-value }