Configuring The Quiet Timer; Enabling The Periodic Online User Reauthentication Feature - HP FlexFabric 5700 Series Security Configuration Manual

Configuring the quiet timer

The quiet timer enables the access device to wait a period of time before it can process any
authentication request from a client that has failed an 802.1X authentication.
You can edit the quiet timer, depending on the network conditions.
In a vulnerable network, set the quiet timer to a high value.
In a high-performance network with quick authentication response, set the quiet timer to a low
value.
To configure the quiet timer:

Step                                  Command                                        Remarks
1. Enter system view.                 system-view                                    N/A
2. Enable the quiet timer.            dot1x quiet-period                             By default, the timer is disabled.
3. (Optional.) Set the quiet timer.   dot1x timer quiet-period quiet-period-value    The default is 60 seconds.

Enabling the periodic online user reauthentication feature

Periodic online user reauthentication tracks the connection status of online users, and updates the
authorization attributes assigned by the server. The attributes include the ACL, VLAN, and user
profile-based QoS. The reauthentication interval is user configurable.
The server-assigned RADIUS Session-Timeout (attribute 27) and Termination-Action (attribute 29)
attributes can affect the periodic online user reauthentication feature. To display the server-assigned
Session-Timeout and Termination-Action attributes, use the display dot1x connection command (see
Security Command Reference).
If the termination action is logging off users, periodic reauthentication takes effect only when the
periodic reauthentication timer is shorter than the session timeout timer. If the session timeout timer
is shorter, the device logs off online authenticated users when the session timeout timer expires.
If the termination action is reauthenticating users, the periodic online user reauthentication
configuration on the device cannot take effect. The device reauthenticates online 802.1X users after
the session timeout timer expires.
Support for the server configuration and assignment of session timeout timer and termination action
depends on the server model.
If no server is reachable for 802.1X reauthentication, the device logs off the user or keeps it online,
depending on the configuration on the device.
The VLANs assigned to an online user before and after reauthentication can be the same or different.

To enable the periodic online user reauthentication feature:

Step                    Command        Remarks
1. Enter system view.   system-view    N/A
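
The interaction between the server-assigned Session-Timeout and Termination-Action attributes and the device's periodic reauthentication timer, described above, worked through as an added example. It is not part of the HP manual or of the device software. The function names and sample values are hypothetical. It assumes the RFC 2865 Termination-Action values (0 Default, 1 RADIUS-Request) correspond to "logging off users" and "reauthenticating users", and that a missing Termination-Action means Default.

```python
import struct

SESSION_TIMEOUT, TERMINATION_ACTION = 27, 29   # RADIUS attribute numbers named on the page
TA_DEFAULT, TA_RADIUS_REQUEST = 0, 1           # RFC 2865 Termination-Action values

def parse_attrs(data: bytes) -> dict:
    """Walk RADIUS attribute TLVs: 1-byte type, 1-byte length (header included), value."""
    attrs, i = {}, 0
    while i < len(data):
        if i + 2 > len(data):
            raise ValueError("truncated attribute header")
        atype, alen = data[i], data[i + 1]
        if alen < 2 or i + alen > len(data):
            raise ValueError(f"bad length {alen} for attribute {atype}")
        attrs[atype] = data[i + 2:i + alen]
        i += alen
    return attrs

def as_uint32(value: bytes) -> int:
    if len(value) != 4:
        raise ValueError("integer attribute must be 4 bytes")
    return struct.unpack("!I", value)[0]

def effective_behaviour(attrs: dict, periodic_reauth_s):
    """Return (behaviour, seconds). periodic_reauth_s is the device timer, None if disabled."""
    if SESSION_TIMEOUT not in attrs:
        return ("periodic-reauth", periodic_reauth_s) if periodic_reauth_s else ("none", None)
    timeout = as_uint32(attrs[SESSION_TIMEOUT])
    # Assumption: a missing Termination-Action is treated as Default (log off).
    action = as_uint32(attrs[TERMINATION_ACTION]) if TERMINATION_ACTION in attrs else TA_DEFAULT
    if action == TA_RADIUS_REQUEST:
        # Server asks for reauthentication: the device timer cannot take effect.
        return ("reauth-at-session-timeout", timeout)
    if action != TA_DEFAULT:
        raise ValueError(f"unknown Termination-Action {action}")
    if periodic_reauth_s is not None and periodic_reauth_s < timeout:
        return ("periodic-reauth", periodic_reauth_s)
    # Session timeout is shorter; equal timers are handled the same way (assumption).
    return ("logoff-at-session-timeout", timeout)

def attr(atype: int, value: int) -> bytes:
    return bytes([atype, 6]) + struct.pack("!I", value)

# Constructed sample attribute blocks, not captured traffic.
LOGOFF_3600 = attr(SESSION_TIMEOUT, 3600) + attr(TERMINATION_ACTION, TA_DEFAULT)
REAUTH_3600 = attr(SESSION_TIMEOUT, 3600) + attr(TERMINATION_ACTION, TA_RADIUS_REQUEST)

if __name__ == "__main__":
    for blob in (LOGOFF_3600, REAUTH_3600):
        print([effective_behaviour(parse_attrs(blob), t) for t in (600, 7200, None)])
```

Comparing the result against the values shown by display dot1x connection tells you whether the device-side reauthentication interval is actually in force for a given session.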
