Table of Contents
Advertisement
Multi-Host – Allows multiple host to connect to this port.
■
In this mode, only one host connected to a port needs to pass
authentication for all other hosts to be granted network access. Similarly, a
port can become unauthorized for all hosts if one attached host fails re-
authentication or sends an EAPOL logoff message.
MAC-Based – Allows multiple hosts to connect to this port, with each host
■
needing to be authenticated.
In this mode, each host connected to a port needs to pass authentication.
The number of hosts allowed access to a port operating in this mode is
limited only by the available space in the secure address table (i.e., up to
1024 addresses).
◆
Max Count – The maximum number of hosts that can connect to a port when
the Multi-Host operation mode is selected. (Range: 1-1024; Default: 5)
◆
Max Request – Sets the maximum number of times the switch port will
retransmit an EAP request packet to the client before it times out the
authentication session. (Range: 1-10; Default 2)
◆
Quiet Period – Sets the time that a switch port waits after the Max Request
Count has been exceeded before attempting to acquire a new client.
(Range: 1-65535 seconds; Default: 60 seconds)
◆
Tx Period – Sets the time period during an authentication session that the
switch waits before re-transmitting an EAP packet. (Range: 1-65535;
Default: 30 seconds)
◆
Supplicant Timeout – Sets the time that a switch port waits for a response to
an EAP request from a client before re-transmitting an EAP packet.
(Range: 1-65535; Default: 30 seconds)
This command attribute sets the timeout for EAP-request frames other than
EAP-request/identity frames. If dot1x authentication is enabled on a port, the
switch will initiate authentication when the port link state comes up. It will
send an EAP-request/identity frame to the client to request its identity,
followed by one or more requests for authentication information. It may also
send other EAP-request frames to the client during an active connection as
required for reauthentication.
◆
Server Timeout – Sets the time that a switch port waits for a response to an
EAP request from an authentication server before re-transmitting an EAP
packet. (Default: 0 seconds)
A RADIUS server must be set before the correct operational value of 10 seconds
will be displayed in this field. (See
Servers" on page
226.)
Configuring 802.1X Port Authentication
"Configuring Remote Logon Authentication
– 295 –
Chapter 12
| Security Measures
- Quick Links:
- User Manual
Hide quick links:
Advertisement
Table of Contents
