Table of Contents
Advertisement
Max-Request – Sets the maximum number of times the switch port
◆
will retransmit an EAP request packet to the client before it times out
the authentication session. (Range: 1-10; Default 2)
Quiet Period – Sets the time that a switch port waits after the Max
◆
Request Count has been exceeded before attempting to acquire a new
client. (Range: 1-65535 seconds; Default: 60 seconds)
Tx Period – Sets the time period during an authentication session that
◆
the switch waits before re-transmitting an EAP packet.
(Range: 1-65535; Default: 30 seconds)
Supplicant Timeout – Sets the time that a switch port waits for a
◆
response to an EAP request from a client before re-transmitting an EAP
packet. (Range: 1-65535; Default: 30 seconds)
This command attribute sets the timeout for EAP-request frames other
than EAP-request/identity frames. If dot1x authentication is enabled on
a port, the switch will initiate authentication when the port link state
comes up. It will send an EAP-request/identity frame to the client to
request its identity, followed by one or more requests for authentication
information. It may also send other EAP-request frames to the client
during an active connection as required for reauthentication.
Server Timeout – Sets the time that a switch port waits for a response
◆
to an EAP request from an authentication server before re-transmitting
an EAP packet. (Fixed Setting: 10 seconds)
Re-authentication Status – Sets the client to be re-authenticated
◆
after the interval specified by the Re-authentication Period. Re-
authentication can be used to detect if a new device is plugged into a
switch port. (Default: Disabled)
◆
Re-authentication Period – Sets the time period after which a
connected client must be re-authenticated. (Range: 1-65535 seconds;
Default: 3600 seconds)
Re-authentication Max Retries – The maximum number of times the
◆
switch port will retransmit an EAP request/identity packet to the client
before it times out the authentication session. (Range: 1-10;
Default: 2)
Intrusion Action – Sets the port's response to a failed authentication.
◆
Block Traffic – Blocks all non-EAP traffic on the port. (This is the
■
default setting.)
Guest VLAN – All traffic for the port is assigned to a guest VLAN.
■
The guest VLAN must be separately configured (See
VLAN Groups" on page
"Configuring Network Access for Ports" on page
– 343 –
C
14
HAPTER
Configuring 802.1X Port Authentication
168) and mapped on each port (See
| Security Measures
"Configuring
290).
- Quick Links:
- Connecting to the Switch
Hide quick links:
Advertisement
Table of Contents
