Filter
Top Products
1-15
To do… Use the command… Remarks
Enable online user
handshaking
dot1x handshake enable
Optional
By default, online user handshaking
is enabled.
z 802.1x configurations take effect only after you enable 802.1x both globally and for specified ports.
z The settings of 802.1x and MAC address learning limit are mutually exclusive. Enabling 802.1x on
a port will prevent you from setting the limit on MAC address learning on the port and vice versa.
z The settings of 802.1x and aggregation group member are mutually exclusive. Enabling 802.1x on
a port will prevent you from adding the port to an aggregation group and vice versa.
z When the switch itself operates as an authentication server, its authentication method for 802.1x
users cannot be configured as EAP.
z Handshake packets are used to test whether a user is online or not. Users need to run the
proprietary client software of H3C to respond to the handshake packets.
z As clients not running the H3C client software do not support the online user handshaking function,
switches cannot receive handshake acknowledgement packets from them in handshaking periods.
To prevent users being falsely considered offline, you need to disable the online user handshaking
function in this case.
Timer and Maximum User Number Configuration
Follow these steps to configure 802.1x timers and the maximum number of users:
To do… Use the command... Remarks
Enter system view
system-view
—
In system
view
dot1x max-user user-number
[ interface interface-list ]
interface interface-type
interface-number
dot1x max-user user-number
Set the
maximum
number of
concurrent
on-line users
for specified
ports
In port view
quit
Optional
By default, a port can
accommodate up to 256 users at
a time.
Set the maximum retry times
to send request packets
dot1x retry max-retry-value
Optional
By default, the maximum retry
times to send a request packet is
2. That is, the authenticator
system sends a request packet
to a supplicant system for up to
two times by default.