EasyManua.ls Logo

Nokia 7705 SAR - 3.3.3 802.1 x Timers

Nokia 7705 SAR
902 pages
To Next Page IconTo Next Page
To Next Page IconTo Next Page
To Previous Page IconTo Previous Page
To Previous Page IconTo Previous Page
Loading...
Interface Configuration Guide 7705 SAR Interfaces
Edition: 01 3HE 11011 AAAC TQZZA 163
force-unauth — causes the port to remain in the unauthorized state, ignoring all
attempts by the hosts to authenticate. The authenticator cannot provide
authentication services to the host through the interface.
3.3.3 802.1x Timers
The 802.1x authentication process is controlled by a number of configurable timers.
There are two separate sets, one for the EAPOL message exchange and one for the
RADIUS message exchange. Figure 20 shows an example of the timers.
EAPOL timers:
transmit-period — indicates how many seconds after sending an
EAP-Request/ID frame that the 7705 SAR will listen for a supplicant to
authenticate (by sending a EAP-Response/ID frame). If the timer expires before
a response is received, a new EAP-Request/ID frame will be sent and the timer
restarted. The default value is 30 s. The range is 1 to 3600 s.
supplicant-timeout — indicates how many seconds to allow the 7705 SAR to
complete the authentication process. This timer is started at the beginning of a
new authentication process (transmission of first EAP-Request/ID frame and
receipt of an EAP-Response/ID frame). If the timer expires, the 802.1x
authentication session is considered to have failed and the 7705 SAR waits for
the quiet-period timer to expire before processing another authentication
request. The default value is 30 s. The range is 1 to 300 s.
quiet-period — indicates the number of seconds that the authenticator will not
search for clients after an unsuccessful EAP authentication. The timer is started
after sending an EAP-Failure message or after expiry of the supplicant timeout
timer. The default value is 60 s. The range is 1 to 3600 s.
RADIUS timers:
max-auth-req — indicates the maximum number of times that the authenticator
will send an authentication request to the RADIUS server before the process is
considered as to have failed. The default value is 2. The range is 1 to 10.
server-timeout — indicates how many seconds the authenticator will wait for a
RADIUS response message. If the timer expires, the access request message
is sent again, up to the max-auth-req value, and the timer is reset. The default
value is 30 s. The range is 1 to 300 s.

Table of Contents

Related product manuals