Configuring The Maximum Number Of Requests; Configuring The Number Of Polling Retries; Re-Authenticating An 802.1X Port - Alcatel-Lucent OmniSwitch 6800 Series Network Configuration Manual

Configuring 802.1X
Note. The authentication server timeout may also be configured (with the server-timeout keyword) but
the value is always superseded by the value set for the RADIUS server through the
command.

Configuring the Maximum Number of Requests

During the authentication process, the switch sends requests for authentication information from the
supplicant. By default, the switch will send up to two requests for information. If the supplicant does not
reply within the timeout value configured for the supplicant timeout, the authentication session attempt
will expire. The switch will then use its quiet timeout and transmit timeout before accepting an authentica-
tion attempt or sending out an identity request.
To change the maximum number of requests sent to the supplicant during an authentication attempt, use
the max-req keyword with the
-> 802.1x 3/1 max-req 3
In this example, the maximum number of requests that will be sent is three.

Configuring the Number of Polling Retries

To change the number of times a device is polled for EAP frames to determine whether or not the device
is an 802.1x client, use the
-> 802.1x 3/1 supp-polling retry 10
In this example, the maximum number of times a device is polled is set to 10. If no EAP frames are
received, the device is considered a non-supplicant, and any non-supplicant classification policies config-
ured for the port are applied to the device.
To bypass 802.1x authentication and classify supplicants connected to the port as non-supplicants, set the
number of polling retries to zero:
-> 802.1x 3/1 supp-polling retry 0
Note. Setting the number of polling retries to zero turns off 802.1x authentication for the port; all devices
(including supplicants) are then classified as non-supplicants. As a result, non-supplicant policies that use
MAC-based authentication are now applicable to supplicant devices, not just non-supplicant devices.

Re-authenticating an 802.1X Port

An automatic reauthentication process may be enabled or disabled on any 802.1X port. The re-authentica-
tion is used to maintain the 802.1X connection (not to re-authenticate the user). The process is transparent
to the 802.1X supplicant. By default, re-authentication is not enabled on the port.
To enable or disable re-authentication, use the reauthentication or no reauthentication keywords with
the 802.1x command. For example:
-> 802.1x 3/1 reauthentication
In this example, re-authentication will periodically take place on port 1 of slot 3.
The re-authperiod parameter may be used to configure the time that must expire before automatic re-
authentication attempts. For example:
OmniSwitch 6800/6850/9000 Network Configuration Guide
802.1x command. For example:
802.1x supp-polling retry
Setting Up Port-Based Network Access Control
command. For example:
March 2008
aaa radius-server
page 27-13