• In a high-performance network with quick authentication response, set the quiet timer to a low value.
• In a network with authentication servers of different performance, adjust the server timeout timer.
The network device uses the following 802.1X timers:
• EAD rule timer (ead-timeout)—Sets the lifetime of each EAD rule. When the timer expires or the user passes authentication, the rule is removed. If users fail to download the EAD client or fail to pass authentication before the timer expires, they must reconnect to the network to access the free IP.
• Handshake timer (handshake-period)—Sets the interval at which the access device sends client handshake requests to check the online status of a client that has passed authentication. If the device does not receive a response after sending the maximum number of handshake requests, it considers that the client has logged off.
• Quiet timer (quiet-period)—Starts when a client fails authentication. The access device must wait the time period before it can process the authentication attempts from the client.
• Periodic reauthentication timer (reauth-period)—Sets the interval at which the network device periodically reauthenticates online 802.1X users. To enable 802.1X periodic reauthentication on a port, use the dot1x re-authenticate command.
• Server timeout timer (server-timeout)—Starts when the access device sends a RADIUS Access-Request packet to the authentication server. If no response is received when this timer expires, the 802.1X authentication fails.
  To avoid forced logoff before the server timeout timer expires, set the server timeout timer to a value that is lower than or equal to the product of the following values:
    • The maximum number of RADIUS packet transmission attempts set by using the retry command in RADIUS scheme view.
    • The RADIUS server response timeout timer set by using the timer response-timeout command in RADIUS scheme view.
  For information about setting the maximum number of RADIUS packet transmission attempts and the RADIUS server response timeout timer, see AAA configuration in Security Configuration Guide.
• Client timeout timer (supp-timeout)—Starts when the access device sends an EAP-Request/MD5-Challenge packet to a client. If no response is received when this timer expires, the access device retransmits the request to the client.
• Username request timeout timer (tx-period)—Starts when the device sends an EAP-Request/Identity packet to a client in response to an authentication request. If the device does not receive a response before this timer expires, it retransmits the request. The timer also sets the interval at which the network device sends multicast EAP-Request/Identity packets to detect clients that cannot actively request authentication.
• User aging timer (user-aging)—Sets the user aging timer for a type of 802.1X VLAN. If you enable 802.1X unauthenticated user aging, you can set a user aging timer for Auth-Fail, critical, or guest VLANs. The user aging timer for a type of 802.1X VLAN determines how long a user can stay in that type of VLAN.
  For more information about how user aging operates, see the usage guidelines for the dot1x unauthenticated-user aging enable command.
  Do not set a user aging timer to a multiple of the username request timeout timer (the dot1x timer tx-period command). If you do so, the aging timer will not take effect.
The change to the periodic reauthentication timer applies to the users that have been online only
after the old timer expires. Other timer changes take effect immediately on the device.
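The two numeric constraints above (server timeout versus the RADIUS retry and response-timeout product, and user aging versus tx-period) can be checked offline against a saved configuration. The following is an added example, not part of the vendor manual; the sample configuration is constructed, and the scheme name rs1 and the VLAN-type keywords after user-aging are assumed syntax.

```python
import re

# Constructed sample config (not from the manual); rs1 and the VLAN keywords are assumed.
SAMPLE_CONFIG = """\
radius scheme rs1
 retry 3
 timer response-timeout 5
dot1x timer server-timeout 30
dot1x timer tx-period 30
dot1x timer user-aging guest-vlan 90
dot1x timer user-aging critical-vlan 100
"""

def parse_timers(config):
    """Collect the timer values the two rules depend on; absent settings stay None."""
    t = {"retry": None, "response-timeout": None, "server-timeout": None,
         "tx-period": None, "user-aging": {}}
    for line in config.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"retry (\d+)", line):
            t["retry"] = int(m[1])
        elif m := re.fullmatch(r"timer response-timeout (\d+)", line):
            t["response-timeout"] = int(m[1])
        elif m := re.fullmatch(r"dot1x timer (server-timeout|tx-period) (\d+)", line):
            t[m[1]] = int(m[2])
        elif m := re.fullmatch(r"dot1x timer user-aging (\S+) (\d+)", line):
            t["user-aging"][m[1]] = int(m[2])
    return t

def check_timers(t):
    """Return findings for the two constraints stated in the text (explicit values only)."""
    findings = []
    if None not in (t["retry"], t["response-timeout"], t["server-timeout"]):
        limit = t["retry"] * t["response-timeout"]
        if t["server-timeout"] > limit:
            findings.append(f"server-timeout {t['server-timeout']}s exceeds "
                            f"retry x response-timeout = {limit}s")
    if t["tx-period"]:
        for vlan, aging in sorted(t["user-aging"].items()):
            if aging % t["tx-period"] == 0:
                findings.append(f"user-aging {vlan} {aging}s is a multiple of "
                                f"tx-period {t['tx-period']}s; it will not take effect")
    return findings

if __name__ == "__main__":
    for finding in check_timers(parse_timers(SAMPLE_CONFIG)):
        print("WARN:", finding)
```

Settings left at their defaults do not appear in a saved configuration, so the checker skips any rule whose inputs are not set explicitly rather than guessing default values.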