Table of Contents
Advertisement
Views
System view
Predefined user roles
network-admin
Parameters
ead-timeout ead-timeout-value: Specifies the EAD rule timer in minutes. The value range for the
ead-timeout-value argument is 1 to 1440.
handshake-period handshake-period-value: Specifies the handshake timer in seconds. The value
range for the handshake-period-value argument is 5 to 1024.
quiet-period quiet-period-value: Specifies the quiet timer in seconds. The value range for the
quiet-period-value argument is 10 to 120.
reauth-period reauth-period-value: Specifies the periodic reauthentication timer in seconds. The
value range for the reauth-period-value argument is 60 to 7200.
server-timeout server-timeout-value: Specifies the server timeout timer in seconds. The value
range for the server-timeout-value argument is 100 to 300.
supp-timeout supp-timeout-value: Specifies the client timeout timer in seconds. The value range for
the supp-timeout-value argument is 1 to 120.
tx-period tx-period-value: Specifies the username request timeout timer in seconds. The value
range for the tx-period-value argument is 1 to 120.
Usage guidelines
In most cases, the default settings are sufficient. You can edit the timers, depending on the network
conditions.
•
In a low-speed network, increase the client timeout timer.
•
In a vulnerable network, set the quiet timer to a high value.
•
In a high-performance network with quick authentication response, set the quiet timer to a low
value.
•
In a network with authentication servers of different performance, adjust the server timeout
timer.
The network device uses the following 802.1X timers:
•
EAD rule timer (EAD timeout)—Sets the lifetime of each EAD rule. When the timer expires or
the user passes authentication, the rule is removed. If users fail to download the EAD client or
fail to pass authentication within the timer, they must reconnect to the network to access the
free IP.
•
Handshake timer (handshake-period)—Sets the interval at which the access device sends
client handshake requests to check the online status of a client that has passed authentication.
If the device does not receive a response after sending the maximum number of handshake
requests, it considers that the client has logged off.
•
Quiet timer (quiet-period)—Starts when a client fails authentication. The access device must
wait the time period before it can process the authentication attempts from the client.
•
Periodic reauthentication timer (reauth-period)—Sets the interval at which the network
device periodically reauthenticates online 802.1X users. To enable periodic online user
reauthentication on a port, use the dot1x re-authenticate command.
•
Server timeout timer (server-timeout)—Starts when the access device sends a RADIUS
Access-Request packet to the authentication server. If no response is received when this timer
expires, the access device retransmits the request to the server.
24
Advertisement
Chapters
Table of Contents
