Configuration Guide Vol. 2


6.3 Notes on using IEEE802.1X


(1) Coexistence with other functions

For details about how IEEE802.1X coexists with other functions, see 5.2 Compatibility between Layer 2 authentication and other functions.

(2) Notes on specifying a MAC VLAN as an access port

IEEE802.1X can be configured on an interface for which a MAC VLAN is specified as an access port, but do not use this combination, because the two functions cannot coexist.

(3) Notes on the interim packet transmission interval

If you use interim packets with RADIUS Accounting, we recommend that you specify a value of 600 or higher as the sending interval for RADIUS packets in the Acct-Interim-Interval attribute. Because the switch sends interim packets for every authenticated terminal, exercise caution when assigning values less than 600 because this may place a heavy load on the network and the RADIUS server.

(4) Changing the timer value

If you change the value of a timer (tx-period, reauth-period, supp-timeout, quiet-period, or keep-unauth), the change does not take effect until that timer times out for the authentication unit. To apply the change immediately, execute the clear dot1x auth-state command to clear the authentication status.

(5) Precautions when placing an L2 switch between the terminal and this equipment

Responses from terminals are typically multicast. Therefore, if you connect an L2 switch between the terminal and the Switch, EAPOL frames that encapsulate responses from the terminal are forwarded to every port in the same VLAN on the L2 switch. If the L2 switch VLAN is configured in the manner described below, EAPOL frames from a given terminal arrive at more than one port on the Switch, creating a situation in which multiple ports are attempting to authenticate the same terminal. This affects the stability of the authentication process, and may result in dropped connections, failed authentication, and other issues.

The figures below show examples of correct and prohibited configurations of an L2 switch between terminals and the Switch.

Figure 6-8: Example of prohibited configuration

[Figure Data]

Figure 6-9: Correct configuration example

[Figure Data]
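
A check for the condition described in (5), as an added example that is not part of the original guide: it parses Ethernet frames captured on the Switch's authentication ports and reports any terminal whose multicast EAPOL frames arrived on more than one port. The port names, MAC addresses and capture format are constructed assumptions; the EtherType 0x888E and the PAE group address 01-80-C2-00-00-03 come from IEEE 802.1X.

```python
import struct
from collections import defaultdict

ETHERTYPE_EAPOL = 0x888E                        # IEEE 802.1X EAPOL EtherType
PAE_GROUP_ADDR = bytes.fromhex("0180c2000003")  # multicast address used by supplicants

def parse_eapol(frame: bytes):
    """Return (src_mac, is_multicast_dst, eapol_type), or None if not a valid EAPOL frame."""
    if len(frame) < 18:                         # 14-byte Ethernet header + 4-byte EAPOL header
        return None
    dst, src = frame[0:6], frame[6:12]
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != ETHERTYPE_EAPOL:
        return None
    _version, eapol_type, body_len = struct.unpack("!BBH", frame[14:18])
    if len(frame) < 18 + body_len:              # truncated body: ignore the frame
        return None
    return src.hex(":"), dst == PAE_GROUP_ADDR, eapol_type

def find_duplicated_supplicants(captures):
    """captures: iterable of (port_name, frame_bytes) seen on authenticator ports.
    Returns {src_mac: sorted ports} for terminals whose EAPOL frames reached >1 port."""
    ports_by_mac = defaultdict(set)
    for port, frame in captures:
        parsed = parse_eapol(frame)
        if parsed and parsed[1]:                # only frames sent to the PAE group address
            ports_by_mac[parsed[0]].add(port)
    return {mac: sorted(p) for mac, p in ports_by_mac.items() if len(p) > 1}

def _eapol_start(src_hex, dst=PAE_GROUP_ADDR):
    # Constructed sample frame: EAPOL-Start (type 1), version 2, empty body.
    return dst + bytes.fromhex(src_hex) + struct.pack("!HBBH", ETHERTYPE_EAPOL, 2, 1, 0)

# Constructed capture: port names and MAC addresses are made up for illustration.
SAMPLE = [
    ("0/1", _eapol_start("020000000001")),      # terminal A, flooded by the L2 switch...
    ("0/2", _eapol_start("020000000001")),      # ...so it also arrives on a second port
    ("0/2", _eapol_start("020000000002")),      # terminal B, seen on one port only
    ("0/3", bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000003")
            + struct.pack("!H", 0x0806) + bytes(28)),  # ARP frame, not EAPOL
]

if __name__ == "__main__":
    for mac, ports in find_duplicated_supplicants(SAMPLE).items():
        print(f"{mac}: EAPOL frames received on ports {', '.join(ports)}")
```

A terminal reported here is one whose EAPOL frames reached several Switch ports, which is the situation the prohibited configuration in Figure 6-8 produces.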