R0106-HP MSR Router Series Security Configuration Guide(V7)
89
Ste
p
Command
Remarks
2. (Optional.) Set the periodic
reauthentication timer.
dot1x timer reauth-period
reauth-period-value
The default is 3600 seconds.
3. Enter Ethernet interface view.
interface interface-type
interface-number
N/A
4. Enable periodic online user
reauthentication.
dot1x re-authenticate By default, the function is disabled.
5. (Optional.) Enable the
keep-online feature for 802.1X
users.
dot1x re-authenticate
server-unreachable keep-online
By default, this feature is disabled.
The device logs off online 802.1X
users if no authentication server is
reachable for 802.1X
reauthentication.
Configuring an 802.1X guest VLAN
Configuration guidelines
When you configure an 802.1X guest VLAN, follow these guidelines:
• Configure the 802.1X guest VLAN on an 802.1X-enabled port that performs port-based access
control.
• You can configure only one 802.1X guest VLAN on the port. The 802.1X guest VLANs on different
ports can be different.
• Assign different IDs to the port VLAN and the 802.1X guest VLAN on the port, so the port can
correctly process incoming VLAN-tagged traffic.
Configuration prerequisites
Before you configure an 802.1X guest VLAN, complete the following tasks:
• Create the VLAN to be specified as the 802.1X guest VLAN.
• Enable 802.1X multicast trigger on the port.
Configuration procedure
To configure an 802.1X guest VLAN:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enter Ethernet interface view.
interface interface-type
interface-number
N/A
3. Configure the 802.1X guest
VLAN on the port.
dot1x guest-vlan guest-vlan-id
By default, no 802.1X guest VLAN
is configured on any port.