Table of Contents
Advertisement
F
M
RONT
ATTER
Aging Period:
Use this field to configure the time
the Single 802.1X, Multi 802.1X and MAC-Based Auth modes that use Port Security to secure MAC addresses.
When the NAS module uses the Port Security module to secure MAC addresses, the Port Security module checks for activity on the MAC
address and frees resources if no activity is seen within the aging period.
If reauthentication is enabled and the port is in an 802.1X-based mode, this is not so critical, since supplicants that are no longer attached to
the port will get removed upon the next reauthentication, which will fail. But if reauthentication is not enabled, the only way to free resources
is by aging the entries.
For ports in MAC-based Auth. mode, reauthentication doesn't cause direct communication between the switch and the client, so this will not
detect whether the client is still attached or not, and the only way to free any resources is to age the entry.
Hold Time:
Use this field to configure how long a client that fails authentication must remain locked out before being allowed to authenticate. This field
can be between
10
and
rity to secure MAC addresses.
If a client fails to authenticate because the RADIUS server denies the client access or because the RADIUS server request times out, the
client is put on hold in the Unauthorized state. The hold timer pauses during authentication.
In MAC-based authentication mode, the switch ignores frames from the client during the hold time.
RADIUS-Assigned QoS Enabled:
Use this check box to globally enable a RADIUS server to assign a QoS class to authenticated supplicants.
This enables central control of the traffic class applied to traffic from an authenticated supplicant. The RADIUS server must also be config-
ured to transmit special RADIUS attributes to take advantage of this feature.
RADIUS-Assigned VLAN Enabled:
Use this check box to globally enable a RADIUS server to assign a VLAN to authenticated supplicants.
This enables central control of the VLAN an authenticated supplicant is a member of.
The RADIUS server must also be configured to transmit special RADIUS attributes to take advantage of this feature.
Guest VLAN Enabled:
Use this check box to globally enable 802.1X-unaware clients to be made members of the guest VLAN after an administrator-defined time-
out.
MGS3600-24F/XGS3600-26F/XGS3600-28F
(10
to
1000000
seconds) after which authenticated MAC address entries are deleted. This field applies to
1000000
seconds and applies to the Single 802.1X, Multi 802.1X and MAC-Based Auth modes that use Port Secu-
8-16
U
'
G
SER
S
UIDE
- Quick Links:
- Switch Access and Login
Hide quick links:
Advertisement
Chapters
Table of Contents
