clear multiauth session-timeout
32-52 Authentication and Authorization Configuration
clear multiauth session-timeout
Use this command to reset the maximum number of consecutive seconds an authenticated session
may last before termination of the session to its default value of 0.
Syntax
clear multiauth session-timeout [dot1x | mac | pwa]
Parameters
Defaults
If no authentication method is specified, the session timeout value is reset to its default value of 0
for all authentication methods.
Mode
Switch mode, read-write.
Example
This example resets the session timeout value for the IEEE 802.1X authentication method to 0
seconds.
C3(su)->clear multiauth session-timeout dot1x
Configuring User + IP Phone Authentication
User + IP phone authentication is a legacy feature that allows a user and their IP phone to both use
a single port on the
switch but to have separate policy roles. The user’s PC and their IP phone are
daisy-chained together with a single connection to the network.
This special application of multi-user authentication was inherited from legacy platforms (such as
the B2 and C2) that could not natively support multiple users per port. The Enterasys C3 can
support multiple users per port so the User + IP phone application should only be used if you are
integrating Enterasys C3s into a legacy deployment.
With "User + IP Phone" authentication, the policy role for the IP phone is statically mapped using
a policy admin rule which assigns any packets received with a VLAN tag set to a specific VID (for
example, Voice VLAN) to an specified policy role (for example, IP Phone policy role). Therefore, it
is required that the IP phone be configured to send VLAN-tagged packets tagged for the “Voice”
VLAN. Refer to the Usage section for the command “set policy rule” on page 15-10 for additional
information about configuring a policy admin rule that maps a VLAN tag to a policy role.
Note that if the IP phone authenticates to the network, the RADIUS accept message must return
null values for RFC 3580 tunnel attributes and the Filter-ID.
dot1x (Optional) Specifies the IEEE 802.1X port-based network access control
authentication method for which to reset the timeout value to its
default.
mac (Optional) Specifies the Enterasys MAC authentication method for
which to reset the timeout value to its default.
pwa (Optional) Specifies the Enterasys Port Web Authentication method for
which to reset the timeout value to its default.
To Next Page
Loading...
Need help?
General