Configuring 802.1X SmartOn
The SmartOn feature is mutually exclusive with the 802.1X online user handshake feature.
When the device sends a unicast EAP-Request/Notification packet to the client, it starts the SmartOn client timeout timer (set by using the dot1x smarton timer supp-timeout command).
If the device does not receive any EAP-Response/Notification packets from the client within the timeout timer, it retransmits the EAP-Request/Notification packet to the client. After the device has made the maximum retransmission attempts but received no response, it stops the 802.1X authentication process for the client.
If the device receives an EAP-Response/Notification packet within the timer or before the maximum retransmission attempts have been made, it starts the SmartOn authentication. If the SmartOn switch ID and the MD5 digest of the SmartOn password in the packet match those on the device, 802.1X authentication continues for the client. Otherwise, the device denies the client's 802.1X authentication request.
To configure 802.1X SmartOn:
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Enter Ethernet interface view. | interface interface-type interface-number | N/A |
3. Enable the SmartOn feature on the port. | dot1x smarton | By default, this feature is disabled. |
4. Return to system view. | quit | N/A |
5. Configure the SmartOn switch ID. | dot1x smarton switchid switch-string | By default, no SmartOn switch ID exists. |
6. Set the SmartOn password. | dot1x smarton password { cipher | simple } string | By default, no SmartOn password exists. |
7. (Optional.) Set the SmartOn client timeout timer. | dot1x smarton timer supp-timeout supp-timeout-value | The default timer is 30 seconds. |
8. (Optional.) Set the maximum attempts for retransmitting an EAP-Request/Notification packet to a client. | dot1x smarton retry retries | By default, the device allows a maximum of 3 attempts for retransmitting an EAP-Request/Notification packet to a client. |