Predefined user roles
network-admin
Parameters
handshake-period handshake-period-value: Sets the handshake timer in seconds. The value range for
the handshake-period-value argument is 5 to 1024.
quiet-period quiet-period-value: Sets the quiet timer in seconds. The value range for the
quiet-period-value argument is 10 to 120.
reauth-period reauth-period-value: Sets the periodic reauthentication timer in seconds. The value range
for the reauth-period-value argument is 60 to 7200.
server-timeout server-timeout-value: Sets the server timeout timer in seconds. The value range for the
server-timeout-value argument is 100 to 300.
supp-timeout supp-timeout-value: Sets the client timeout timer in seconds. The value range for the
supp-timeout-value argument is 1 to 120.
tx-period tx-period-value: Sets the username request timeout timer in seconds. The value range for the
tx-period-value argument is 10 to 120.
Usage guidelines
In most cases, the default settings are sufficient. You can edit the timers, depending on your network
conditions:
• In a low-speed network, increase the client timeout timer.
• In a vulnerable network, set the quiet timer to a high value.
• In a high-performance network with quick authentication response, set the quiet timer to a low
value.
• In a network with authentication servers of different performance, adjust the server timeout timer.
The periodic reauthentication timer does not take effect if the server has assigned a session timeout timer
to the device.
The network device uses the following 802.1X timers:
• Handshake timer (handshake-period)—Sets the interval at which the access device sends client
handshake requests to check the online status of a client that has passed authentication. If the
device receives no response after sending the maximum number of handshake requests, it considers
that the client has logged off.
• Quiet timer (quiet-period)—Starts when a client fails authentication. The access device must wait
for this period to elapse before it can process authentication attempts from the client.
• Periodic reauthentication timer (reauth-period)—Sets the interval at which the network device
periodically reauthenticates online 802.1X users. To enable periodic online user reauthentication
on a port, use the dot1x re-authenticate command. A change to the periodic reauthentication
timer applies to users who are already online only after the old timer expires.
• Server timeout timer (server-timeout)—Starts when the access device sends a RADIUS
Access-Request packet to the authentication server. If no response is received when this timer
expires, the access device retransmits the request to the server.
• Client timeout timer (supp-timeout)—Starts when the access device sends an EAP-Request/MD5
Challenge packet to a client. If no response is received when this timer expires, the access device
retransmits the request to the client.
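
The following Python check is an added example, not part of the original manual or of the vendor's software. It audits a saved configuration against the value ranges listed under Parameters and flags a reauth-period that is set while no port has dot1x re-authenticate enabled. The function name audit, the sample configuration, and the assumption that timers appear as "dot1x timer <keyword> <value>" lines are illustrative.

```python
import re

# Value ranges in seconds, as listed under "Parameters" above.
RANGES = {
    "handshake-period": (5, 1024),
    "quiet-period": (10, 120),
    "reauth-period": (60, 7200),
    "server-timeout": (100, 300),
    "supp-timeout": (1, 120),
    "tx-period": (10, 120),
}
# Assumption: timers appear in the config as "dot1x timer <keyword> <value>".
TIMER_RE = re.compile(r"^dot1x timer (\S+) (\S+)$")

def audit(config_text):
    """Return (line_number, message) findings for a configuration dump."""
    findings = []
    reauth_line, reauth_enabled = None, False
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if line == "dot1x re-authenticate":
            reauth_enabled = True  # enabled on at least one port
        m = TIMER_RE.match(line)
        if not m:
            continue
        name, value = m.groups()
        if name not in RANGES:
            findings.append((n, f"unknown timer keyword {name!r}"))
            continue
        lo, hi = RANGES[name]
        if not value.isdigit() or not lo <= int(value) <= hi:
            findings.append((n, f"{name} {value} outside {lo}-{hi} s"))
        elif name == "reauth-period":
            reauth_line = n
    if reauth_line and not reauth_enabled:
        findings.append((reauth_line, "reauth-period set, dot1x re-authenticate missing"))
    return findings

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
dot1x timer quiet-period 5
dot1x timer supp-timeout 60
dot1x timer reauth-period 3600
interface GigabitEthernet1/0/1
 dot1x
"""

if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```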