Configures the 802.1X timers for network login.
server-timeout | Specifies the timeout period for a response from the RADIUS (Remote Authentication Dial In User Service) server. The range is 1 to 120 seconds. |
quiet-period | Specifies the time for which the switch will not attempt to communicate with the supplicant after authentication has failed. The range is 0 to 65535 seconds. |
reauth-period | Specifies time after which the switch will attempt to re-authenticate an authenticated supplicant. The range is 0 to 86,400 seconds. |
reauth-max | Specifies the maximum reauthentication counter value. The range is 1 to 10. |
supp-resp-timeout | Specifies the time for which the switch will wait for a response from the supplicant. The range is 1 to 120 seconds. |
reauthentication | Enables or disables dot1x reauthentication |
on | Enables reauthentication. |
off | Disables reauthentication. |
server-timeout—30 seconds.
quiet-period—60 seconds.
reauth-period—3600 seconds.
reauth-max—3.
supp-resp-timeout—30 seconds.
To disable re-authentication, specify 0 for the reauth-period parameter. (If reauth-period is set to 0, reauth-max value doesn't apply.)
server-timeout—ERROR: RADIUS server response timeout out of range (1..120 sec)
quiet-period—%% Invalid number detected at '^' marker. %% Input number must be in the range [0, 65535].
reauth-period—%% Invalid input detected at '^' marker. %% Input number must be in the range [0, 86400].
reauth-max—ERROR: Re-authentication counter value out of range (1..10)
supp-resp-timeout—ERROR: Input number must be in the range [1, 10].
To display the 802.1X timer settings, use the show netlogin command with and without the dot1x option.
If reauthentication is enabled by this command, the session-timeout value sent from RADIUS has priority. If no value is sent from RADIUS, then the locally configured reauth_period defines the reauthentication period.
If the locally configured value is "0" with reauthentication off, and if any session timeout value sent from RADIUS is ignored, the locally configured "0" takes precedence.
The following command changes the 802.1X server-timeout to 10 seconds:
configure netlogin dot1x timers server-timeout 10
This command was first available in ExtremeXOS 11.1.
The reauth-max keyword was added in ExtremeXOS 12.1.
This command is available on the Summit X450-G2, X460-G2, X670-G2, X770, and ExtremeSwitching X440-G2, X590, X620, X690, X870 series switches.