C
HAPTER
13
| Security Measures
Configuring 802.1X Port Authentication
– 317 –
In this mode, only one host connected to a port needs to pass
authentication for all other hosts to be granted network access.
Similarly, a port can become unauthorized for all hosts if one
attached host fails re-authentication or sends an EAPOL logoff
message.
â–
MAC-Based – Allows multiple hosts to connect to this port, with
each host needing to be authenticated.
In this mode, each host connected to a port needs to pass
authentication. The number of hosts allowed access to a port
operating in this mode is limited only by the available space in the
secure address table (i.e., up to 1024 addresses).
◆ Max MAC Count – The maximum number of hosts that can connect to
a port when the Multi-Host operation mode is selected.
(Range: 1-1024; Default: 5)
◆ Max Request – Sets the maximum number of times the switch port
will retransmit an EAP request packet to the client before it times out
the authentication session. (Range: 1-10; Default 2)
◆ Quiet Period – Sets the time that a switch port waits after the Max
Request Count has been exceeded before attempting to acquire a new
client. (Range: 1-65535 seconds; Default: 60 seconds)
◆ Tx Period – Sets the time period during an authentication session that
the switch
waits before re-transmitting an EAP packet.
(Range: 1-65535; Default: 30 seconds)
◆ Supplicant Timeout – Sets the time that a switch port waits for a
response to an EAP request from a client before re-transmitting an EAP
packet.
(Range: 1-65535; Default: 30 seconds)
This command attribute sets the timeout for EAP-request frames other
than EAP-request/identity frames. If dot1x authentication is enabled on
a port, the switch will initiate authentication when the port link state
comes up. It will send an EAP-request/identity frame to the client to
request its identity, followed by one or more requests for authentication
information. It may also send other EAP-request frames to the client
during an active connection as required for reauthentication.
◆ Server Timeout – Sets the time that a switch port waits for a response
to an EAP request from an authentication server before re-transmitting
an EAP packet.
(Fixed Setting: 10 seconds)
◆ Re-authentication Status – Sets the client to be re-authenticated
after the interval specified by the Re-authentication Period. Re-
authentication can be used to detect if a new device is plugged into a
switch port. (Default: Disabled)
◆ Re-authentication Period – Sets the time period after which a
connected client must be re-authenticated. (Range: 1-65535 seconds;
Default: 3600 seconds)
To Next Page
Loading...
Need help?
General
