configure netlogin dot1x timers

configure netlogin dot1x timers [{server-timeout server_timeout} {quiet-period quiet_period} {reauth-period reauth_period {reauth-max max_num_reauths}} {reauthentication [on | off} {supp-resp-timeout supp_resp_timeout}]

Description

Configures the 802.1X timers for network login.

Syntax Description

server-timeout Specifies the timeout period for a response from the RADIUS server. The range is 1 to 120 seconds.
quiet-period Specifies the time for which the switch will not attempt to communicate with the supplicant after authentication has failed. The range is 0 to 65535 seconds.
reauth-period Specifies time after which the switch will attempt to re-authenticate an authenticated supplicant. The range is 0 to 86,400 seconds.
reauth-max Specifies the maximum reauthentication counter value. The range is 1 to 10.
supp-resp-timeout Specifies the time for which the switch will wait for a response from the supplicant. The range is 1 to 120 seconds.
reauthentication Enables or disables dot1x reauthentication
on Enables reauthentication.
off Disables reauthentication.

Default

The defaults are as follows:

  • server-timeout—30 seconds.

  • quiet-period—60 seconds.

  • reauth-period—3600 seconds.

  • reauth-max—3.

  • supp-resp-timeout—30 seconds.

Usage Guidelines

To disable re-authentication, specify 0 for the reauth-period parameter. (If reauth-period is set to 0, reauth-max value doesn't apply.)

If you attempt to configure a timer value that is out of range (not supported), the switch displays an error message. The following is a list of sample error messages:

  • server-timeout—ERROR: RADIUS server response timeout out of range (1..120 sec)

  • quiet-period—%% Invalid number detected at '^' marker. %% Input number must be in the range [0, 65535].

  • reauth-period—%% Invalid input detected at '^' marker. %% Input number must be in the range [0, 86400].

  • reauth-max—ERROR: Re-authentication counter value out of range (1..10)

  • supp-resp-timeout—ERROR: Input number must be in the range [1, 10].

  • greater than RADIUS timeout—Dot1x server timeout should be configured with a value greater than the RADIUS server timeout.

To display the 802.1X timer settings, use the show netlogin command with and without the dot1x option.

If reauthentication is enabled by this command, the session-timeout value sent from RADIUS has priority. If no value is sent from RADIUS, then the locally configured reauth_period defines the reauthentication period.

If the locally configured value is "0" with reauthentication off, and if any session timeout value sent from RADIUS is ignored, the locally configured "0" takes precedence.

Example

The following command changes the 802.1X server-timeout to 10 seconds:

configure netlogin dot1x timers server-timeout 10

History

This command was first available in ExtremeXOS 11.1.

The reauth-max keyword was added in ExtremeXOS 12.1.

Platform Availability

This command is available on ExtremeSwitching X435, X440-G2, X450-G2, X460-G2, X465, X590, X620, X690, and X695 series switches.

9037918-00 Rev AA