Table of Contents
Advertisement
tx-period-value: Setting for the username request timeout timer in seconds. It ranges from 10 to 120
and defaults to 30.
Description
Use the dot1x timer command to set 802.1X timers.
Use the undo dot1x timer command to restore the defaults.
Several timers are used in the 802.1X authentication process to guarantee that the supplicants, the
authenticators, and the RADIUS server interact with each other in a reasonable manner. You can use
this command to set these timers:
Handshake timer (handshake-period): After a supplicant passes authentication, the authenticator
sends to the supplicant handshake requests at this interval to check whether the supplicant is
online. If the authenticator receives no response after sending the allowed maximum number of
handshake requests, it considers that the supplicant is offline.
Quiet timer (quiet-period): When a supplicant fails the authentication, the authenticator refuses
further authentication requests from the supplicant in this period of time.
Periodic re-authentication timer (reauth-period): If you enable periodic re-authentication on a port
(by the dot1x re-authenticate command), the device will re-authenticate online users on the port
at the interval specified by this timer. If you change the re-authentication interval when there are
users online, the device will continue to re-authenticate such users according to the original
re-authentication interval setting for one time. Then the device will use the new interval for
re-authentication of all online users.
Server timeout timer (server-timeout): Once an authenticator sends a RADIUS Access-Request
packet to the authentication server, it starts this timer. If this timer expires but it receives no
response from the server, it retransmits the request.
Supplicant timeout timer (supp-timeout): Once an authenticator sends an EAP-Request/MD5
Challenge frame to a supplicant, it starts this timer. If this timer expires but it receives no response
from the supplicant, it retransmits the request.
Username
EAP-Request/Identity frame to a supplicant, it starts this timer. If this timer expires but it receives
no response from the supplicant, it retransmits the request. In addition, to be compatible with
clients that do not send EAPOL-Start requests unsolicitedly, the device multicasts
EAP-Request/Identity frame periodically to detect the clients, with the multicast interval defined by
tx-period.
It is unnecessary to change the timers unless in some special or extreme network environments. The
change of a timer takes effect immediately.
Related commands: display dot1x.
Examples
# Set the server timeout timer to 150 seconds.
<Sysname> system-view
[Sysname] dot1x timer server-timeout 150
reset dot1x statistics
Syntax
reset dot1x statistics [ interface interface-list ]
request
timeout
timer
(tx-period):
Once
4-16
an
authenticator
sends
an
Advertisement
Chapters
Table of Contents
