C
HAPTER
16
| IEEE 802.1X Commands
– 273 –
DEFAULT SETTING
Allows all new clients.
COMMAND USAGE
The switch has a fixed pool of state-machines, from which all ports draw
whenever a new client is seen on the port. When a given port's maximum
is reached (counting both authorized and unauthorized clients), further
new clients are disallowed access. Since all ports draw from the same pool,
it may happen that a configured maximum cannot be granted, if the
remaining ports have already used all available state-machines.
EXAMPLE
Dot1x>clients 9 10
Dot1x>
dot1x agetime This command displays or sets the time between checking for activity on
successfully authenticated MAC addresses.
SYNTAX
dot1x agetime [age-time]
age-time - The period used to calculate when to age out a client
allowed access to the switch through MAC-based authentication as
described below. (Range: 10-1000000 seconds)
DEFAULT SETTING
300 seconds
COMMAND USAGE
Suppose a client is connected to a 3rd party switch or hub, which in turn is
connected to a port on this switch that is running MAC-based
authentication, and suppose the client gets successfully authenticated.
Now assume that the client powers down his PC. What should make the
switch forget about the authenticated client? Reauthentication will not
solve this problem, since this doesn't require the client to be present, as
discussed under Reauthentication Enabled above. The solution is aging out
authenticated clients.
A timer is started when the client gets authenticated. After half the age
period, the switch starts looking for frames sent by the client. If another
half age period elapses and no frames are seen, the client is considered
removed from the system, and it will have to authenticate again the next
time a frame is seen from it. If, on the other hand, the client transmits a
frame before the second half of the age period expires, the switch will
consider the client alive, and leave it authenticated. Therefore, an age
period of T will require the client to send frames more frequent than T/2 to
stay authenticated.
To Next Page
Loading...
Need help?
General