(Optional) Configuring the Handshake Function for 802.1X Online Users

Context

You can configure the handshake function for online users to ensure that the users are online in real time. The device sends a handshake request packet at intervals to online users who pass the authentication. If the user does not respond to the handshake packet after the maximum number of retransmission times, the device disconnects the user.

If the 802.1X client cannot exchange the handshake packet with the device, the device does not receive any handshake response packet within the handshake period. You must disable the handshake function for online users to prevent the device from incorrectly disconnecting the users.

Procedure

Run system-view
The system view is displayed.
Run dot1x handshake
The handshake function is enabled for 802.1X online users.

By default, the handshake function is disabled for 802.1X online users.
(Optional) Run dot1x handshake packet-type { request-identity | srp-sha1-part2 }
The type of 802.1X authentication handshake packets is set.

By default, the type of 802.1X authentication handshake packets is request-identity.
(Optional) Configure the interval at which the device handshakes with 802.1X online users.
- Run dot1x timer handshake-period handshake-period-value
  The interval at which the device handshakes with 802.1X online users on non-Eth-Trunk interfaces is set.
  
  By default, the interval for sending handshake packets is 15.
- Run dot1x timer eth-trunk-access handshake-period handshake-period-value
  The interval at which the device handshakes with 802.1X online users on Eth-Trunk interfaces is set.
  
  By default, the interval for sending handshake packets is 120 seconds.
(Optional) Run dot1x retry max-retry-value
The number of times for resending a handshake packet is configured.

By default, a handshake packet can be resent twice.