1-13z The RADIUS server has the switch perform 802.1x re-authentication of users. The RADIUS serversends the switch an Access-Accept packet with the Termination-Action attribute field of 1. Uponreceiving the packet, the switch re-authenticates the user periodically.z You enable 802.1x re-authentication on the switch. With 802.1x re-authentication enabled, theswitch re-authenticates users periodically.802.1x re-authentication will fail if a CAMS server is used and configured to perform authentication butnot accounting. This is because a CAMS server establishes a user session after it begins to performaccounting. Therefore, to enable 802.1x re-authentication, do not configure the accounting nonecommand in the domain. This restriction does not apply to other types of servers.Introduction to 802.1x Configuration802.1x provides a solution for authenticating users. To implement this solution, you need to execute802.1x-related commands. You also need to configure AAA schemes on switches and specify theauthentication scheme (RADIUS or local authentication scheme).Figure 1-11 802.1x configurationISP domainconfiguration AAA schemeLocalauthenticationRADIUSscheme802.1xconfigurationISP domainconfiguration AAA schemeLocalauthenticationRADIUSscheme802.1xconfigurationz 802.1x users use domain names to associate with the ISP domains configured on switchesz Configure the AAA scheme (a local authentication scheme or a RADIUS scheme) to be adopted inthe ISP domain.z If you specify to use a local authentication scheme, you need to configure the user names andpasswords manually on the switch. Users can pass the authentication through 802.1x client if theyprovide user names and passwords that match those configured on the switch.z If you specify to adopt the RADIUS scheme, the supplicant systems are authenticated by a remoteRADIUS server. In this case, you need to configure user names and passwords on the RADIUSserver and perform RADIUS client-related configuration on the switches.z You can also specify to adopt the RADIUS authentication scheme, with a local authenticationscheme as a backup. In this case, the local authentication scheme is adopted when the RADIUSserver fails.Refer to the AAA Operation for detailed information about AAA scheme configuration.