| Parameter | Description |
|---|---|
| Maximum number of times Held State can be bypassed | Number of consecutive authentication failures which, when reached, causes the switch to stop responding to authentication requests from a client while the switch is in a held state after the authentication failure. Before this number is reached, the switch responds to authentication requests from the client even while the switch is in its held state. (This parameter is applicable when 802.1X authentication is terminated on the switch, also known as AAA FastConnect.) The allowed range of values for this parameter is 0-3 failures, and the default value is 0. |
| Dynamic WEP Key Message Retry Count | Number of times WPA/WPA2 key messages are retried. Range: 1-5 retries. Default: 3 retries. |
| Dynamic WEP Key Size | The default dynamic WEP key size is 128 bits. If desired, you can change this parameter to 40 bits. |
| Interval between WPA/WPA2 Key Messages | Interval, in milliseconds, between each WPA key exchange. Range: 1000-5000 ms. Default: 1000 ms. |
| Delay between EAP-Success and WPA2 Unicast Key Exchange | Interval, in milliseconds, between EAP-Success and unicast key exchanges. Range: 0-2000 ms. Default: 0 ms (no delay). |
| Delay between WPA/WPA2 Unicast Key and Group Key Exchange | Interval, in milliseconds, between unicast and multicast key exchanges. Range: 0-2000. Default: 0 (no delay). |
| Time interval after which the PMKSA will be deleted | The time interval, in hours, after which the PMKSA (Pairwise Master Key Security Association) cache is deleted. Range: 1-2000. Default: 8. |
| WPA/WPA2 Key Message Retry Count | Number of times WPA/WPA2 key messages are retried. Range: 1-5 retries. Default: 3 retries. |
| Multicast Key Rotation | Select this checkbox to enable multicast key rotation. This feature is disabled by default. |
| Unicast Key Rotation | Select this checkbox to enable unicast key rotation. This feature is disabled by default. |
| Opportunistic Key Caching | By default, the 802.1X authentication profile enables a cached pairwise master key (PMK) which is derived through a client and an associated AP. This key is used when the client roams to a new AP. This allows clients faster roaming without a full 802.1X authentication. Uncheck this option to disable this feature. NOTE: Make sure that the wireless client (the 802.1X supplicant) supports this feature. If the client does not support this feature, the client will attempt to renegotiate the key whenever it roams to a new AP. As a result, the key cached on the switch can be out of sync with the client's key. |
Table 72: 802.1X Authentication Profile Basic WebUI Parameters
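
The Opportunistic Key Caching row and its NOTE can be illustrated with the PMKID check that decides whether a roam skips full 802.1X. This is an added example, not code from the AOS-W guide or the switch: the PMKID formula is the IEEE 802.11i definition, while `OkcCache`, the MAC addresses and the PMK values are constructed for illustration.

```python
import hashlib
import hmac

def pmkid(pmk: bytes, aa: bytes, spa: bytes) -> bytes:
    """IEEE 802.11i: PMKID = first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AA || SPA)."""
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:16]

def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))

class OkcCache:
    """Hypothetical model of a switch-side PMK cache keyed by client MAC."""
    def __init__(self):
        self._pmk_by_client = {}

    def store(self, client: bytes, pmk: bytes) -> None:
        self._pmk_by_client[client] = pmk

    def reassociate(self, client: bytes, new_ap: bytes, offered) -> str:
        """Decide how a roam to new_ap proceeds, given the PMKID the client offers."""
        pmk = self._pmk_by_client.get(client)
        if pmk is None or offered is None:
            return "full-802.1X"
        # With OKC the cached PMK is bound to the NEW AP's address (AA).
        expected = pmkid(pmk, new_ap, client)
        return "fast-roam" if hmac.compare_digest(expected, offered) else "full-802.1X"

def demo() -> dict:
    pmk = bytes(range(32))          # constructed 256-bit PMK from the first full 802.1X
    client = mac("02:00:00:00:00:10")   # constructed, locally administered addresses
    ap1, ap2 = mac("02:00:00:00:00:a1"), mac("02:00:00:00:00:a2")
    cache = OkcCache()
    cache.store(client, pmk)        # cached after authenticating through AP1
    return {
        # Supplicant supports OKC: recomputes the PMKID for AP2 from the same PMK.
        "okc_client": cache.reassociate(client, ap2, pmkid(pmk, ap2, client)),
        # Supplicant without OKC: only knows the PMKID it holds for AP1.
        "reuses_ap1_pmkid": cache.reassociate(client, ap2, pmkid(pmk, ap1, client)),
        # Supplicant offers no PMKID at all.
        "no_pmkid": cache.reassociate(client, ap2, None),
        # Client holds a different PMK than the cache (out of sync, as in the NOTE).
        "stale_pmk": cache.reassociate(client, ap2, pmkid(bytes(32), ap2, client)),
    }

if __name__ == "__main__":
    for case, outcome in demo().items():
        print(f"{case}: {outcome}")
```

Only the first case avoids a full 802.1X exchange, which is why the NOTE asks you to confirm supplicant support before relying on this option.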
AOS-W 6.5.3.x | User Guide 802.1X Authentication | 265