Dot1X Timer - HP 5120 SI series Command Reference Manual

dot1x timer

Syntax
dot1x timer { handshake-period handshake-period-value | quiet-period quiet-period-value |
reauth-period
supp-timeout-value | tx-period tx-period-value }
undo dot1x timer { handshake-period | quiet-period | reauth-period | server-timeout | supp-timeout
| tx-period }
View
System view
Default level
2: System level
Parameters
handshake-period-value: Sets the handshake timer in seconds. It ranges from 5 to 1024.
quiet-period-value: Sets the quiet timer in seconds. It ranges from 10 to 120.
reauth-period-value: Sets the periodic re-authentication timer in seconds. It ranges from 60 to 7200.
server-timeout-value: Sets the server timeout timer in seconds. It ranges from 100 to 300.
supp-timeout-value: Sets the client timeout timer in seconds. It ranges from 1 to 120.
tx-period-value: Sets the username request timeout timer in seconds. It ranges from 10 to 120.
Description
Use the dot1x timer command to set 802.1X timers.
Use the undo dot1x timer command to restore the defaults.
By default, the handshake timer is 15 seconds, the quiet timer is 60 seconds, the periodic
re-authentication timer is 3600 seconds, the server timeout timer is 100 seconds, the client timeout timer
is 30 seconds, and the username request timeout timer is 30 seconds.
You can set the client timeout timer to a high value in a low-performance network, set the quiet timer to
a high value in a vulnerable network or a low value for quicker authentication response, or adjust the
server timeout timer to adapt to the performance of different authentication servers. In most cases, the
default settings are sufficient.
The network device uses the following 802.1X timers:
Handshake timer (handshake-period)—Sets the interval at which the access device sends client
•
handshake requests to check the online status of a client that has passed authentication. If the
device receives no response after sending the maximum number of handshake requests, it considers
that the client has logged off..
Quiet timer (quiet-period)—Starts when a client fails authentication. The access device must wait
•
the time period before it can process the authentication attempts from the client.
• Periodic re-authentication timer (reauth-period)—Sets the interval at which the network device
periodically re-authenticates online 802.1X users. To enable periodic online user re-authentication
on a port, use the dot1x re-authenticate command. If you change the periodic re-authentication
timer when users are online, the new timer does not apply to online users until the previous timer
expires.
reauth-period-value | server-timeout
110
server-timeout-value | supp-timeout