KTI Networks KGS-2421 User Manual page 31

Web management interface / 24-port gigabit switch mit 4x sfp-ports

Hide thumbs Also See for KGS-2421:

Installation manual (25 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

page of 147

/ 147
Contents
Table of Contents
Bookmarks

Table of Contents

EAPOL Timeout

Age Period

Hold Time

Port Configuration

Port

Admin State

Determines the time the switch shall wait for the supplicant response before

retransmitting a packet.

Valid values: 1 ~ 255 seconds (This has no effect for MAC-based ports.)

This setting applies to ports running MAC-based authentication, only.

Suppose a client is connected to a 3

to a port on this switch that runs MAC-based authentication, and suppose the client

gets successfully authenticated. Now assume that the client powers down his PC.

What should make the switch forget about the authenticated client? Re-authentication

will not solve this problem, since this doesn't require the client to be present, as

discussed under

Reauthentication Enabled

authenticated clients. The Age Period, which can be set to a number between 10 and

1000000 seconds, works like this: A timer is started when the client gets

authenticated. After half the age period, the switch starts looking for frames sent by

the client. If another half age period elapses and no frames are seen, the client is

considered removed from the system, and it will have to authenticate again the next

time a frame is seen from it. If, on the other hand, the client transmits a frame before

the second half of the age period expires, the switch will consider the client alive, and

leave it authenticated. Therefore, an age period of T will require the client to send

frames more frequent than T/2 for him to stay authenticated.

This setting applies to ports running MAC-based authentication, only.

If the RADIUS server denies a client access, or a RADIUS server request times out

(according to the timeout specified on the Authentication configuration page), the

client is put on hold in the "Unauthorized" state. In this state, frames from the client

will not cause the switch to attempt to re-authenticate the client. The Hold Time,

which can be set to a number between 10 ~ 1000000 seconds, determines the time

after an EAP Failure indication or RADIUS timeout that a client is not allowed

access.

Description

The port number for which the configuration below applies.

Sets the authentication mode to one of the following options (only used when 802.1X

or MAC-based authentication is globally enabled):

Auto: Requires an 802.1X-aware client (supplicant) to be authorized by the

authentication server. Clients that are not 802.1X-aware will be denied access.

Authorized: Forces the port to grant access to all clients, 802.1X-aware or not. The

switch transmits an EAPOL Success frame when the port links up.

Unauthorized: Forces the port to deny access to all clients, 802.1X-aware or not. The

party switch or hub, which in turn is connected

above. The solution is aging of

-31-

Table of Contents

This manual is also suitable for:

Kgs-1620

KTI Networks KGS-2421 User Manual page 31

Related Manuals for KTI Networks KGS-2421

Related Products for KTI Networks KGS-2421

This manual is also suitable for:

Table of Contents