CHAPTER 14 | Security Measures
Configuring 802.1X Port Authentication
– 330 –
◆ Max-Request – Sets the maximum number of times the switch port
will retransmit an EAP request packet to the client before it times out
the authentication session. (Range: 1-10; Default: 2)
◆ Quiet Period – Sets the time that a switch port waits after the Max
Request Count has been exceeded before attempting to acquire a new
client. (Range: 1-65535 seconds; Default: 60 seconds)
◆ Tx Period – Sets the time period during an authentication session that
the switch waits before re-transmitting an EAP packet.
(Range: 1-65535; Default: 30 seconds)
◆ Supplicant Timeout – Sets the time that a switch port waits for a
response to an EAP request from a client before re-transmitting an EAP
packet.
(Range: 1-65535; Default: 30 seconds)
This command attribute sets the timeout for EAP-request frames other
than EAP-request/identity frames. If dot1x authentication is enabled on
a port, the switch will initiate authentication when the port link state
comes up. It will send an EAP-request/identity frame to the client to
request its identity, followed by one or more requests for authentication
information. It may also send other EAP-request frames to the client
during an active connection as required for reauthentication.
◆ Server Timeout – Sets the time that a switch port waits for a response
to an EAP request from an authentication server before re-transmitting
an EAP packet.
(Fixed Setting: 10 seconds)
◆ Re-authentication Status – Sets the client to be re-authenticated
after the interval specified by the Re-authentication Period.
Re-authentication can be used to detect if a new device is plugged into a
switch port. (Default: Disabled)
◆ Re-authentication Period – Sets the time period after which a
connected client must be re-authenticated. (Range: 1-65535 seconds;
Default: 3600 seconds)
◆ Intrusion Action – Sets the port’s response to a failed authentication.
■ Block Traffic – Blocks all non-EAP traffic on the port. (This is the
default setting.)
■ Guest VLAN – All traffic for the port is assigned to a guest VLAN.
The guest VLAN must be separately configured (See "Configuring
VLAN Groups" on page 158) and mapped on each port (See
"Configuring Network Access for Ports" on page 280).
Authenticator PAE State Machine
◆ State – Current state (including initialize, disconnected, connecting,
authenticating, authenticated, aborting, held, force_authorized,
force_unauthorized).
◆ Reauth Count – Number of times connecting state is re-entered.
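The port settings listed above (Max-Request through Intrusion Action) can be checked offline before they are applied. The following Python sketch is an added example, not code from this manual or the switch vendor: it fills in the documented defaults, flags values outside the documented ranges, and reports the two security-relevant choices (re-authentication disabled, guest VLAN as the intrusion action). The key names, the `audit_port` and `retry_cycle_seconds` helpers, and the sample input are hypothetical, and the timing formula rests on the assumption stated in its docstring.

```python
# Added example: audits one port's 802.1X settings against this section's ranges.
# Key names and the audit_port/retry_cycle_seconds helpers are hypothetical.
RANGES = {  # setting: (min, max, default), as documented above
    "max_request": (1, 10, 2),
    "quiet_period": (1, 65535, 60),
    "tx_period": (1, 65535, 30),
    "supplicant_timeout": (1, 65535, 30),
    "reauth_period": (1, 65535, 3600),
}
INTRUSION_ACTIONS = ("block-traffic", "guest-vlan")


def audit_port(cfg):
    """Fill in documented defaults, then return (effective, findings)."""
    eff = {key: cfg.get(key, default) for key, (_, _, default) in RANGES.items()}
    eff["reauth_enabled"] = cfg.get("reauth_enabled", False)  # default: disabled
    eff["intrusion_action"] = cfg.get("intrusion_action", "block-traffic")
    findings = []
    for key, (low, high, _) in RANGES.items():
        value = eff[key]
        if type(value) is not int or not low <= value <= high:
            findings.append(f"{key}={value!r} is outside the range {low}-{high}")
    if eff["intrusion_action"] not in INTRUSION_ACTIONS:
        findings.append(f"unknown intrusion action {eff['intrusion_action']!r}")
    elif eff["intrusion_action"] == "guest-vlan":
        findings.append("failed clients join the guest VLAN: confirm it is "
                        "configured and mapped on this port")
    if not eff["reauth_enabled"]:
        findings.append("re-authentication is disabled: a device plugged in "
                        "after a successful login is not re-checked")
    return eff, findings


def retry_cycle_seconds(eff):
    """Seconds from the first unanswered EAP request to the end of the quiet period.

    Assumption: one initial request plus Max-Request retransmissions, each
    waiting a full Supplicant Timeout, followed by the Quiet Period.
    """
    attempts = 1 + eff["max_request"]
    return attempts * eff["supplicant_timeout"] + eff["quiet_period"]


if __name__ == "__main__":
    # Constructed sample: only two settings changed from the defaults.
    eff, findings = audit_port({"max_request": 11, "intrusion_action": "guest-vlan"})
    print(findings)
    print(retry_cycle_seconds(eff), "s per failed cycle")
```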