dot1x reauthenticate

Function

The dot1x reauthenticate command enables periodic 802.1X re-authentication on an interface.

The undo dot1x reauthenticate command disables periodic 802.1X re-authentication on an interface.

By default, periodic 802.1X re-authentication is disabled on an interface.

Format

In the system view:

dot1x reauthenticate interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10>

undo dot1x reauthenticate interface { interface-type interface-number1 [ to interface-number2 ] } &<1-10>

In the interface view:

dot1x reauthenticate

undo dot1x reauthenticate

Parameters

Parameter	Description	Value
interface { interface-type interface-number1 [ to interface-number2 ] }	Specifies the interface type and number. interface-type specifies the interface type. interface-number specifies the interface number.	-

Parameter

Description

Value

interface { interface-type interface-number1 [ to interface-number2 ] }

Specifies the interface type and number.

interface-type specifies the interface type.
interface-number specifies the interface number.

Views

System view, Ethernet interface view, GE interface view, MultiGE interface view, XGE interface view, 25GE interface view, 40GE interface view, 100GE interface view, Eth-Trunk interface view, Port group view

Default Level

2: Configuration level

Usage Guidelines

Usage Scenario

After modifying the authentication information of an online user on the authentication server, the administrator needs to re-authenticate the user in real time to ensure user validity.

After the user goes online, the device saves user authentication information. After 802.1X re-authentication is enabled using the dot1x reauthenticate command, the device sends the stored authentication information of the online user to the authentication server for re-authentication at an interval. If the authentication information of the user does not change on the authentication server, the user is online normally. If the authentication information has been changed, the user is forced to go offline. The user then needs to be re-authenticated according to the changed authentication information.

The re-authentication interval is set using the dot1x timer reauthenticate-period command.

This function takes effect only for users who go online after this function is successfully configured.

If the device is connected to a server for re-authentication and the server replies with a re-authentication deny message that makes an online user go offline, it is recommended that you locate the cause of the re-authentication failure on the server or disable the re-authentication function on the device.

Precautions

If periodic 802.1X re-authentication is enabled, a large number of 802.1X authentication logs are generated.

Example

# Enable periodic 802.1X re-authentication on GE0/0/1 in the system view.

<HUAWEI> system-view
[HUAWEI] dot1x reauthenticate interface gigabitethernet 0/0/1

# Enable periodic 802.1X re-authentication on GE0/0/1 in the interface view.

<HUAWEI> system-view
[HUAWEI] interface gigabitethernet 0/0/1
[HUAWEI-GigabitEthernet0/0/1] dot1x reauthenticate