Parameter
d escription:
Mode:
Indicates
if
NAS
is
globally
enabled
or
disabled
on
the
switch.
If
globally
disabled,
all
ports
can
forward
f rames.
Reauthentication
E nabled:
If
checked,
successfully
authenticated
supplicants/clients
are
reauthenticated
after
the
interval
specified
by
the
Reauthentication
Period.
Reauthentication
for
802.1X-‐enabled
ports
can
be
used
to
d etect
i f
a
n ew
d evice
i s
p lugged
i nto
a
s witch
p ort
o r
i f
a
s upplicant
i s
n o
l onger
a ttached.
For
MAC-‐based
ports,
reauthentication
is
only
useful
if
the
RADIUS
server
configuration
has
changed.
It
does
not
involve
communication
between
the
switch
and
the
client,
and
therefore
doesn't
i mply
t hat
a
c lient
i s
s till
p resent
o n
a
p ort
( see
A ging
P eriod
b elow).
Reauthentication
P eriod:
Determines
t he
p eriod,
i n
s econds,
a fter
w hich
a
c onnected
c lient
m ust
b e
r eauthenticated.
T his
i s
only
active
if
the
Reauthentication
Enabled
checkbox
is
checked.
Valid
values
are
in
the
range
1
to
3600
s econds.
EAPOL
T imeout:
Determines
t he
t ime
f or
r etransmission
o f
R equest
I dentity
E APOL
f rames.
Valid
v alues
a re
i n
t he
r ange
1
t o
2 55
s econds.
T his
h as
n o
e ffect
f or
M AC-‐based
p orts.
Aging
P eriod:
This
setting
applies
to
the
following
modes,
i.e.,
modes
using
the
Port
Security
functionality
to
secure
M AC
a ddresses:
•
S ingle
8 02.1X
•
M ulti
8 02.1X
•
M AC-‐Based
A uth.
When
the
NAS
module
uses
the
Port
Security
module
to
secure
MAC
addresses,
the
Port
Security
module
needs
to
check
for
activity
on
the
MAC
address
in
question
at
regular
intervals
and
free
resources
if
no
activity
is
seen
within
a
given
period
of
time.
This
parameter
controls
exactly
this
period
a nd
c an
b e
s et
t o
a
n umber
b etween
1 0
a nd
1 000000
s econds.
If
reauthentication
is
enabled
and
the
port
is
in
an
802.1X-‐based
mode,
this
is
not
so
critical,
since
supplicants
t hat
a re
n o
l onger
a ttached
t o
t he
p ort
w ill
b e
r emoved
u pon
t he
n ext
r eauthentication,
which
w ill
f ail.
B ut
i f
r eauthentication
i s
n ot
e nabled,
t he
o nly
w ay
t o
f ree
r esources
i s
b y
a ging
t he
entries.
For
ports
in
MAC-‐based
Auth.
mode,
reauthentication
doesn't
cause
direct
communication
between
t he
s witch
a nd
t he
c lient,
s o
t his
w ill
n ot
d etect
w hether
t he
c lient
i s
s till
a ttached
o r
n ot,
and
t he
o nly
w ay
t o
f ree
a ny
r esources
i s
t o
a ge
t he
e ntry.
Hold
T ime
:
This
setting
applies
to
the
following
modes,
i.e.
modes
using
the
Port
Security
functionality
to
66
Publication date: Sept, 2015
Revision A1