Configuration Guide Vol. 2


5.4.1 Precautions When Setting and Changing the Status of the Switch

(1) Notes on Using set clock Commands

The duration of an authentication session is managed using the internal clock of the Switch. Keep in mind that using the set clock operation command to change the system time affects the duration of authentication sessions.

For example, if you advance the clock by three hours, sessions will appear to have been in progress for three hours longer than they actually have been. Conversely, if you set the clock back by three hours, authentication sessions will be extended by three hours.
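
The effect described above, as an added example (a toy model in Python, not the Switch's own code): session age is derived from an adjustable clock, so a clock change shifts how long a session really lasts. The four-hour session limit, the class and function names, and the sample MAC address are assumptions constructed for illustration.

```python
HOUR = 3600

class SwitchModel:
    """Toy model: session age is derived from an adjustable internal clock."""

    def __init__(self, max_session_s):
        self.clock = 0                      # internal clock, in seconds
        self.max_session_s = max_session_s  # assumed session limit
        self.sessions = {}                  # MAC address -> login timestamp

    def tick(self, seconds):
        """Real time passing."""
        self.clock += seconds

    def set_clock(self, offset_s):
        """Operator moves the clock forward (+) or back (-)."""
        self.clock += offset_s

    def login(self, mac):
        self.sessions[mac] = self.clock

    def apparent_age(self, mac):
        return self.clock - self.sessions[mac]

    def expire(self):
        """Remove and return sessions whose apparent age reached the limit."""
        gone = [m for m in self.sessions
                if self.apparent_age(m) >= self.max_session_s]
        for m in gone:
            del self.sessions[m]
        return gone


def real_lifetime_after_shift(offset_s, max_session_s=4 * HOUR, shift_at=HOUR):
    """Real seconds one session survives when the clock is shifted by
    offset_s one hour after login (checked once per simulated minute)."""
    sw = SwitchModel(max_session_s)
    sw.login("00:00:5e:00:53:01")           # constructed sample address
    real = 0
    while True:
        if real == shift_at:
            sw.set_clock(offset_s)
        if sw.expire():
            return real
        sw.tick(60)
        real += 60


if __name__ == "__main__":
    for label, off in (("no change", 0), ("+3h", 3 * HOUR), ("-3h", -3 * HOUR)):
        print(label, real_lifetime_after_shift(off) / HOUR, "hours of real time")
```

In this model, advancing the clock ends the session three hours early, and setting it back keeps the terminal authenticated three hours past the assumed limit.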

(2) Notes on changing the authentication mode

If you change the authentication mode by changing the setting of the configuration command switchport mode on a port for which IEEE802.1X, Web authentication, or MAC authentication is enabled, first execute the configuration command shutdown for all ports to be authenticated. Next, release the authenticated state of the terminal by using the operation command clear dot1x auth-state, clear web-authentication auth-state, or clear mac-authentication auth-state, and place the authenticated terminal in an unconnected state. Then change the authentication mode after approximately 60 seconds. After changing the authentication mode, execute the configuration command no shutdown for all the ports to be authenticated.

If you change the authentication mode while the authentication terminal is connected, execute the operation command restart dot1x, restart web-authentication, or restart mac-authentication to restart the IEEE802.1X program, Web authentication program, or MAC authentication program. Then, use the operation command restart vlan mac-manager to restart the MAC control program.

(3) Precautions when stopping the authentication program

To stop the authentication program by deleting the setting of the configuration command dot1x system-auth-control, web-authentication system-auth-control, or mac-authentication system-auth-control, first execute the configuration command shutdown for all ports to be authenticated. Next, release the authentication status of the terminal by using the operation command clear dot1x auth-state, clear web-authentication auth-state, or clear mac-authentication auth-state, and place the authenticated terminal in an unconnected state. Then, wait for approximately 60 seconds before stopping the authentication program. After stopping the authentication program, execute the configuration command no shutdown for all ports subject to authentication.

If the authentication program is stopped while the authentication terminal is connected, use the operation command restart vlan mac-manager to restart the MAC administration program.

(4) Notes on restarting the authentication program

If the authentication program is restarted by executing the operation command restart dot1x, restart web-authentication, or restart mac-authentication while the authentication terminal is connected, use the operation command restart vlan mac-manager to restart the MAC administration program.

(5) Notes on Configuring Authenticated Ports and MAC VLAN

If the product of the number of authentication ports set for IEEE802.1X authentication (dynamic VLAN mode), Web authentication (dynamic VLAN mode), and MAC authentication (dynamic VLAN mode) and the number of configuration command vlan <vlan id list> mac-based settings exceeds approximately 1600, the following steps take a long time before authentication starts and communication with authenticated terminals is restored, depending on the initialization time of the MAC administration program: