Operation Manual – 802.1x - MAC AuthenticationH3C S7500E Series Ethernet Switches Chapter 2 EAD Fast Deployment Configuration2-3III. Setting the EAD rule timeout timeWith the EAD fast deployment function, a user is authorized by an EAD rule (generallyan ACL rule) to access the freely accessible network segment before passingauthentication. After successful authentication, the occupied ACL will be released. If alarge amount of users access the freely accessible network segment but fail theauthentication, ACLs will soon be used up and new users will be rejected.An EAD rule timeout timer is designed to solve this problem. When a user accesses thenetwork, this timer is started. If the user neither downloads client software nor performsauthentication before the timer expires, the occupied ACL will be released so that otherusers can use it. When there are a large number of users, you can shorten the timeouttime to improve the ACL usage efficiency.Follow these steps to set the EAD rule timeout time:To do… Use the command… RemarksEnter system view system-view —Set EAD rule timeouttimedot1x timer ead-timeoutead-timeout-valueOptional30 minutes by default2.3 Displaying and Maintaining EAD Fast DeploymentTo do… Use the command… RemarksDisplay 802.1x sessioninformation, statistics, orconfiguration informationdisplay dot1x [ sessions| statistics ] [ interfaceinterface-list ]Available in any view2.4 EAD Fast Deployment Configuration ExampleI. Network requirementsAs shown in Figure 2-1, the host is connected to the device, and the device isconnected to the freely accessible network segment and outside network.It is required that:z Before successful 802.1 authentication, the host using IE to access outsidenetwork will be redirected to the WEB server, and it can download and install802.1x client software.z After successful 802.1x authentication, the host can access outside network.
