CHAPTER 15 | Security Commands
Network Access Server Commands
security network nas eapoltimeout
This command sets the time the switch waits for a supplicant response
during an authentication session before retransmitting a Request Identity
EAPOL packet.
SYNTAX
security network nas eapoltimeout [eapol-timeout]
eapol-timeout - The time the switch waits for a supplicant response
during an authentication session before retransmitting a Request
Identity EAPOL packet. (Range: 1-255 seconds)
DEFAULT SETTING
30 seconds
EXAMPLE
Security/Network/NAS>eapoltimeout 100
Security/Network/NAS>
security network nas agetime
This command sets the period used to calculate when to age out a client
allowed access to the switch through Single 802.1X, Multi 802.1X, and
MAC-based authentication.
SYNTAX
security network nas agetime [age-time]
age-time - The age-out time for a client allowed access to the switch
through Single 802.1X, Multi 802.1X, and MAC-based
authentication. (Range: 10-1,000,000 seconds)
DEFAULT SETTING
300 seconds
COMMAND USAGE
◆ When the NAS module uses the Port Security module to secure MAC
addresses, the Port Security module needs to check for activity on the
MAC address in question at regular intervals and free resources if no
activity is seen within the given age period.
◆ If re-authentication is enabled and the port is in an 802.1X-based mode,
this is not so critical, since supplicants that are no longer attached to
the port will be removed upon the next re-authentication, which will
fail. But if re-authentication is not enabled, the only way to free
resources is by aging out the entries.
◆ For ports in MAC-based authentication mode, re-authentication does
not cause direct communication between the switch and the client, so
this will not detect whether the client is still attached or not, and the
only way to free any resources is to age out the entry.
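
The following is an added illustration, not part of the manual or the switch firmware: a simplified Python model of the Command Usage notes above, showing when a detached client's entry is freed by re-authentication and when only the age time frees it. The re-authentication period, mode labels, tick interval and sample MAC addresses are assumptions of this example.

```python
from dataclasses import dataclass

DOT1X = {"single-802.1x", "multi-802.1x"}  # mode labels are this example's own

@dataclass
class Entry:
    mac: str
    mode: str           # one of DOT1X, or "mac-based"
    attached: bool      # ground truth; the switch only infers it
    last_activity: int = 0

def age_sweep(table, now, age_time):
    """Port Security check: keep only entries active within age_time."""
    return [e for e in table if now - e.last_activity < age_time]

def reauth_pass(table):
    """Re-authentication fails, and frees the entry, only for 802.1X
    supplicants that are gone; MAC-based re-auth never contacts the client."""
    return [e for e in table if e.attached or e.mode not in DOT1X]

def release_times(table, age_time=300, reauth_enabled=False,
                  reauth_period=600, horizon=3600, tick=10):
    """Return {mac: second at which the entry was freed} up to horizon."""
    live, freed = list(table), {}
    for now in range(0, horizon + 1, tick):
        for e in live:
            if e.attached:
                e.last_activity = now      # attached clients keep sending
        keep = age_sweep(live, now, age_time)
        if reauth_enabled and now and now % reauth_period == 0:
            keep = reauth_pass(keep)       # reauth_period is an assumed value
        kept = {e.mac for e in keep}
        freed.update({e.mac: now for e in live if e.mac not in kept})
        live = keep
    return freed

def sample_table():
    # Constructed entries: two clients unplugged at t=0, one still attached.
    return [Entry("00:00:5e:00:53:01", "single-802.1x", attached=False),
            Entry("00:00:5e:00:53:02", "mac-based", attached=False),
            Entry("00:00:5e:00:53:03", "mac-based", attached=True)]

if __name__ == "__main__":
    for reauth in (True, False):
        print(reauth, release_times(sample_table(), age_time=1000,
                                    reauth_enabled=reauth))
```

With an age time of 1000 seconds, the 802.1X entry is released at the first re-authentication while the MAC-based entry lingers until the age time expires; with re-authentication disabled, both wait for the age time.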