Configuration restrictions and guidelines
When you configure 802.1X reauthentication, follow these restrictions and guidelines:
The server-assigned session timeout timer (Session-Timeout attribute) and termination action (Termination-Action attribute) together can affect periodic reauthentication. To display the server-assigned Session-Timeout and Termination-Action attributes, use the display dot1x connection command (see Security Command Reference).
If the termination action is Default (logoff), periodic reauthentication on the device takes effect only when the periodic reauthentication timer is shorter than the session timeout timer.
If the termination action is Radius-request, the periodic reauthentication configuration on the device does not take effect. The device reauthenticates the online 802.1X users after the session timeout timer expires.
Support for the assignment of Session-Timeout and Termination-Action attributes depends on the server model.
You can set the periodic reauthentication timer either in system view or in interface view by using the dot1x timer reauth-period command. A change to the periodic reauthentication timer applies to online users only after the old timer expires.
The device selects a periodic reauthentication timer for 802.1X reauthentication in the following order:
Server-assigned reauthentication timer.
Port-specific reauthentication timer.
Global reauthentication timer.
Default reauthentication timer.
The VLANs assigned to an online user before and after reauthentication can be the same or different.