Interface Configuration
7750 SR OS Interface Configuration Guide Page 127
802.1x Timers
The 802.1x authentication procedure is controlled by a number of configurable timers and scalars.
There are two separate sets, one for the EAPOL message exchange and one for the RADIUS
message exchange. See Figure 30 for an example of the timers.
EAPOL timers:
•
transit-period — Indicates how many seconds the Authenticator will listen for an EAP-
Response/ID frame. If the timer expires, a new EAP-Request/ID frame will be sent and
the timer restarted. The default value is 60. The range is 1-3600 seconds.
•
supplicant-timeout — This timer is started at the beginning of a new authentication
procedure (transmission of first EAP-Request/ID frame). If the timer expires before an
EAP-Response/ID frame is received, the 802.1x authentication session is considered as
having failed. The default value is 30. The range is 1 — 300.
•
quiet-period — Indicates number of seconds between authentication sessions It is started
after logoff, after sending an EAP-Failure message or after expiry of the supplicant-
timeout timer. The default value is 60. The range is 1 — 3600.
RADIUS timer and scaler:
•
max-auth-req — Indicates the maximum number of times that the router will send an
authentication request to the RADIUS server before the procedure is considered as having
failed. The default value is value 2. The range is 1 — 10.
•
server-timeout — Indicates how many seconds the authenticator will wait for a RADIUS
response message. If the timer expires, the access request message is sent again, up to
max-auth-req times. The default value is 60. The range is 1 — 3600 seconds.
To Next Page
Loading...
