• Periodic reauthentication timer: 3600 seconds.
• Server timeout timer: 100 seconds.
• Client timeout timer: 30 seconds.
• Username request timeout timer: 30 seconds.
Views
System view
Predefined user roles
network-admin
mdc-admin
Parameters
ead-timeout ead-timeout-value: Specifies the EAD rule timer in minutes. The value range for the ead-timeout-value argument is 1 to 1440.
handshake-period handshake-period-value: Specifies the handshake timer in seconds. The value range for the handshake-period-value argument is 5 to 1024.
quiet-period quiet-period-value: Specifies the quiet timer in seconds. The value range for the quiet-period-value argument is 10 to 120.
reauth-period reauth-period-value: Specifies the periodic reauthentication timer in seconds. The value range for the reauth-period-value argument is 60 to 7200.
server-timeout server-timeout-value: Specifies the server timeout timer in seconds. The value range for the server-timeout-value argument is 100 to 300.
supp-timeout supp-timeout-value: Specifies the client timeout timer in seconds. The value range for the supp-timeout-value argument is 1 to 120.
tx-period tx-period-value: Specifies the username request timeout timer in seconds. The value range for the tx-period-value argument is 1 to 120.
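The following is an added example, not part of the original manual: a small audit that checks timer values in a saved configuration against the ranges listed above. It assumes each timer appears as a line of the form `dot1x timer <keyword> <value>`; the function name and the sample configuration are constructed for illustration.

```python
import re

# Ranges as documented in the Parameters list above: keyword -> (min, max, unit)
TIMER_RANGES = {
    "ead-timeout": (1, 1440, "minutes"),
    "handshake-period": (5, 1024, "seconds"),
    "quiet-period": (10, 120, "seconds"),
    "reauth-period": (60, 7200, "seconds"),
    "server-timeout": (100, 300, "seconds"),
    "supp-timeout": (1, 120, "seconds"),
    "tx-period": (1, 120, "seconds"),
}

# Assumption: timers appear in the configuration as "dot1x timer <keyword> <value>".
LINE_RE = re.compile(r"^\s*dot1x\s+timer\s+(\S+)(?:\s+(\S+))?\s*$")

def audit_dot1x_timers(config_text):
    """Return (line_number, message) findings for dot1x timer lines that break the documented ranges."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        match = LINE_RE.match(line)
        if not match:
            continue  # not a dot1x timer line
        keyword, raw = match.groups()
        if keyword not in TIMER_RANGES:
            findings.append((lineno, f"unknown timer keyword '{keyword}'"))
            continue
        low, high, unit = TIMER_RANGES[keyword]
        if raw is None or not (raw.isascii() and raw.isdigit()):
            findings.append((lineno, f"{keyword}: value must be an integer in {unit}"))
            continue
        value = int(raw)
        if not low <= value <= high:
            findings.append((lineno, f"{keyword}: {value} is outside {low}-{high} {unit}"))
    return findings

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
sysname access-sw-01
dot1x timer quiet-period 120
dot1x timer server-timeout 60
dot1x timer reauth-period 7200
dot1x timer supp-timeout 0
dot1x timer tx-period 30s
"""

if __name__ == "__main__":
    for lineno, message in audit_dot1x_timers(SAMPLE_CONFIG):
        print(f"line {lineno}: {message}")
```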
Usage guidelines
In most cases, the default settings are sufficient. You can edit the timers, depending on the network conditions.
• In a low-speed network, increase the client timeout timer.
• In a vulnerable network, set the quiet timer to a high value.
• In a high-performance network with quick authentication response, set the quiet timer to a low value.
• In a network with authentication servers of different performance, adjust the server timeout timer.
The network device uses the following 802.1X timers:
• EAD rule timer (ead-timeout)—Sets the lifetime of each EAD rule. When the timer expires or the user passes authentication, the rule is removed. If users fail to download the EAD client or fail to pass authentication within the timer, they must reconnect to the network to access the free IP.
• Handshake timer (handshake-period)—Sets the interval at which the access device sends client handshake requests to check the online status of a client that has passed authentication. If the device does not receive a response after sending the maximum number of handshake requests, it considers that the client has logged off.
• Quiet timer (quiet-period)—Starts when a client fails authentication. The access device must wait the time period before it can process the authentication attempts from the client.