Default
The handshake timer is 15 seconds, the quiet timer is 60 seconds, the periodic re-authentication timer is
3600 seconds, the server timeout timer is 100 seconds, the client timeout timer is 30 seconds, and the
username request timeout timer is 30 seconds.
Views
System view
Predefined user roles
network-admin
Parameters
handshake-period handshake-period-value: Sets the handshake timer in seconds. The value range is 5
to 1024.
quiet-period quiet-period-value: Sets the quiet timer in seconds. The value range is 10 to 120.
reauth-period reauth-period-value: Sets the periodic re-authentication timer in seconds. The value range
is 60 to 7200.
server-timeout server-timeout-value: Sets the server timeout timer in seconds. The value range is 100 to
300.
supp-timeout supp-timeout-value: Sets the client timeout timer in seconds. The value range is 1 to 120.
tx-period tx-period-value: Sets the username request timeout timer in seconds. The value range is 10 to
120.
Usage guidelines
You can set the client timeout timer to a high value in a low-performance network, set the quiet timer to
a high value in a vulnerable network or a low value for quicker authentication response, or adjust the
server timeout timer to adapt to the performance of different authentication servers. In most cases, the
default settings are sufficient.
The network device uses the following 802.1X timers:
• Handshake timer (handshake-period)—Sets the interval at which the access device sends client
handshake requests to check the online status of a client that has passed authentication. If the
device receives no response after sending the maximum number of handshake requests, it considers
that the client has logged off.
• Quiet timer (quiet-period)—Starts when a client fails authentication. The access device must wait
the time period before it can process the authentication attempts from the client.
• Periodic re-authentication timer (reauth-period)—Sets the interval at which the network device
periodically re-authenticates online 802.1X users. To enable periodic online user re-authentication
on a port, use the dot1x re-authenticate command. The change to the periodic re-authentication
timer applies to the users that have been online only after the old timer expires.
• Server timeout timer (server-timeout)—Starts when the access device sends a RADIUS
Access-Request packet to the authentication server. If no response is received when this timer
expires, the access device retransmits the request to the server.
105
To Next Page
Loading...
Need help?
General
