Enabling The Periodic Online User Re-Authentication Function; Configuration Guidelines; Configuration Procedure; Configuring A Vlan Group - HP 10500 Series Configuration Manual

Security configuration guide

Enabling the periodic online user re-authentication function
Periodic online user re-authentication tracks the connection status of online users and updates the
authorization attributes assigned by the server, such as the ACL, VLAN, and user profile-based QoS. The
re-authentication interval is user configurable.

Configuration guidelines

• The periodic online user re-authentication timer can also be set by the authentication server in the
session-timeout attribute. The server-assigned timer overrides the timer setting on the access device,
and enables periodic online user re-authentication, even if the function is not configured. Support
for the server assignment of re-authentication timer and the re-authentication timer configuration on
the server vary with servers.
• The VLAN assignment status must be consistent before and after re-authentication. If the
authentication server has assigned a VLAN before re-authentication, it must also assign a VLAN at
re-authentication. If the authentication server has assigned no VLAN before re-authentication, it
must not assign one at re-authentication. Violation of either rule can cause the user to be logged off.
The VLANs assigned to an online user before and after re-authentication can be the same or
different.
• If no critical VLAN is configured, an unreachable RADIUS server can cause an online user who is being
re-authenticated to be logged off. If a critical VLAN is configured, the user remains online and in the
original VLAN.
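
The guidelines above can be checked against a server policy before rollout. The following is an added example, not code from the HP manual: the Accept class, its field names, the "logoff-risk" label, and the sample policies are constructed assumptions that model only the rules stated on this page.

```python
from dataclasses import dataclass
from typing import Optional

DEVICE_DEFAULT_PERIOD = 3600  # seconds; default of "dot1x timer reauth-period"

@dataclass
class Accept:
    """Constructed stand-in for a server accept; field names are assumptions."""
    vlan: Optional[int] = None             # assigned VLAN, None = no VLAN assigned
    session_timeout: Optional[int] = None  # server-assigned timer in seconds

def reauth_period(accept, enabled_on_port, device_period=DEVICE_DEFAULT_PERIOD):
    """Interval in seconds, or None when re-authentication never runs."""
    if accept.session_timeout is not None:
        # Server timer overrides the device timer and enables the function.
        return accept.session_timeout
    return device_period if enabled_on_port else None

def reauth_outcome(initial, reauth, critical_vlan=False):
    """Return (state, vlan); reauth=None models an unreachable RADIUS server."""
    if reauth is None:
        # With a critical VLAN the user stays online in the original VLAN.
        return ("online", initial.vlan) if critical_vlan else ("logoff-risk", None)
    if (initial.vlan is None) != (reauth.vlan is None):
        return ("logoff-risk", None)   # VLAN assignment status changed
    return ("online", reauth.vlan)     # same or different VLAN is allowed

def audit(policies, critical_vlan=False):
    """Names of policies whose users can be logged off at re-authentication."""
    return [name for name, (initial, reauth) in policies.items()
            if reauth_outcome(initial, reauth, critical_vlan)[0] == "logoff-risk"]

# Constructed sample policies: name -> (first accept, accept at re-authentication)
SAMPLE = {
    "staff":   (Accept(vlan=10, session_timeout=1800), Accept(vlan=20)),
    "guest":   (Accept(vlan=30), Accept()),        # VLAN dropped at re-auth
    "printer": (Accept(), Accept(vlan=40)),        # VLAN added at re-auth
    "lab":     (Accept(vlan=50), None),            # server unreachable
}

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(audit(SAMPLE, critical_vlan=True))
```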

Configuration procedure

To enable the periodic online user re-authentication function:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Set the periodic re-authentication timer. | dot1x timer reauth-period reauth-period-value | Optional. The default is 3600 seconds. |
| 3. Enter Ethernet interface view. | interface interface-type interface-number | N/A |
| 4. Enable periodic online user re-authentication. | dot1x re-authenticate | By default, the function is disabled. |

Configuring a VLAN group

NOTE:
This feature is available in Release 1203 and later versions.

Follow these guidelines when you configure a VLAN group:
• Do not add a super VLAN to a VLAN group. The device does not assign super VLANs to 802.1X
users. For more information about super VLAN, see Layer 2 LAN Switching Configuration Guide.
