Configuring Port-Based and Client-Based Access Control (802.1X)
Configuring Switch Ports as 802.1X Authenticators
Available only on 5300xl switches running software
release E.09.xx or greater. Specifies the maximum
number of 802.1X-authenticated client sessions
allowed on each of the ports in < port-list >. If a port
currently has no authenticated client sessions, the next
authenticated client session the port accepts deter
-
mines the VLAN to which the port is assigned during
the session. If another client session begins later on the
same port while an earlier session is active, the later
session will be on the same VLAN as the earlier session.
Note: Because a 5300xl switch running software
release E.09.xx or greater allows 802.1X authentica
-
tion and Web or MAC authentication to co-exist on the
same port, the sum of authenticated client sessions
allowed on a given port for both 802.1X and either Web-
or MAC-authentication cannot exceed 32.
[quiet-period < 0 - 65535 >]
Sets the period during which the port does not try to
acquire a supplicant. The period begins after the last
attempt authorized by the max-requests parameter fails
(next page). (Default: 60 seconds)
[tx-period < 0 - 65535 >]
Sets the period the port waits to retransmit the next
EAPOL PDU during an authentication session.
(Default: 30 seconds)
[supplicant-timeout < 1 - 300 >]
Sets the period of time the switch waits for a supplicant
response to an EAP request. If the supplicant does not
respond within the configured time frame, the session
times out. (Default: 30 seconds)
[server-timeout < 1 - 300 >]
Sets the period of time the switch waits for a server
response to an authentication request. If there is no
response within the configured time frame, the switch
assumes that the authentication attempt has timed
out. Depending on the current max-requests setting, the
switch will either send a new request to the server or
end the authentication session. (Default: 30 seconds)
— Continued —
10-17
To Next Page
Loading...
