Open as PDF
Configuring 802.1X Authentication 453
host/*.nl.mycorp.com (userglob for the machine authentication rule)
*.nl.mycorp.com (userglob for the user authentication rule)
host/*.de.mycorp.com (userglob for the machine authentication rule)
*.de.mycorp.com (userglob for the user authentication rule)
Bonded Auth Period
The Bonded Auth period is the number of seconds MSS allows a Bonded
Auth user to reauthenticate.
After successful machine authentication, a session for the machine
appears in the session table in MSS. When the user logs on and is
authenticated, the user session replaces the machine session in the table.
However, since the user authentication rule contains the bonded option,
MSS remembers that the machine was authenticated.
If a Bonded Auth user session is ended due to 802.1X reauthentication or
the RADIUS Session-Timeout parameter, MSS can allow time for the user
to reauthenticate. The amount of time that MSS allows for
reauthentication is controlled by the Bonded Auth period.
If the user does not reauthenticate within the Bonded Auth period, MSS
deletes the information about the machine session. After the machine
session information is deleted, the Bonded Auth user cannot
reauthenticate. When this occurs, the user will need to log off, then log
back on, to access the network. After multiple failed reauthentication
attempts, the user might need to reboot the PC before logging on.
By default, the Bonded Auth period is 0 seconds. MSS does not wait for a
Bonded Auth user to reauthenticate.
You can set the Bonded Auth period to a value up to 300 seconds. 3Com
recommends that you try 60 seconds, and change the period to a longer
value only if clients are unable to authenticate within 60 seconds.
To set the Bonded Auth period, use the following command:
set dot1x bonded-period seconds
To reset the Bonded Auth period to its default value (0), use the following
clear dot1x bonded-period