85
Configuring the quiet timer
The quiet timer enables the access device to wait a period of time before it can process any
authentication request from a client that has failed an 802.1X authentication.
You can edit the quiet timer, depending on the network conditions.
•
In a vulnerable network, set the quiet timer to a high value.
•
In a high-performance network with quick authentication response, set the quiet timer to a low
value.
To configure the quiet timer:
Step Command
Remarks
1.
Enter system view.
system-view
N/A
2.
Enable the quiet timer.
dot1x quiet-period
By default, the timer is disabled.
3.
(Optional.) Set the quiet timer.
dot1x timer quiet-period
quiet-period-value
The default is 60 seconds.
Enabling the periodic online user reauthentication
feature
Periodic online user reauthentication tracks the connection status of online users, and updates the
authorization attributes assigned by the server. The attributes include the ACL, VLAN, and user
profile-based QoS. The reauthentication interval is user configurable.
The server-assigned RADIUS Session-Timeout (attribute 27) and Termination-Action (attribute 29)
attributes can affect the periodic online user reauthentication feature. To display the server-assigned
Session-Timeout and Termination-Action attributes, use the
display dot1x connection
command (see
Security Command Reference
).
•
If the termination action is logging off users, periodic reauthentication takes effect only when the
periodic reauthentication timer is shorter than the session timeout timer. If the session timeout timer
is shorter, the device logs off online authenticated users when the session timeout timer expires.
•
If the termination action is reauthenticating users, the periodic online user reauthentication
configuration on the device cannot take effect. The device reauthenticates online 802.1X users after
the session timeout timer expires.
Support for the server configuration and assignment of session timeout timer and termination action
depends on the server model.
If no server is reachable for 802.1X reauthentication, the device logs off the user or keeps it online,
depending on the configuration on the device.
The VLANs assigned to an online user before and after reauthentication can be the same or different.
To enable the periodic online user reauthentication feature:
Step Command
Remarks
1.
Enter system view.
system-view
N/A