Alcatel-Lucent 6600 Switch User Manual


 
Setting Up Port-Based Network Access Control Configuring 802.1X
page 22-12 OmniSwitch 6600 Family Network Configuration Guide April 2006
Note. The authentication server timeout may also be configured (with the server-timeout keyword) but
the value is always superseded by the value set for the RADIUS server through the aaa radius-server
command.
Configuring the Maximum Number of Requests
During the authentication process, the switch sends requests for authentication information from the
supplicant. By default, the switch will send up to two requests for information. If the supplicant does not
reply within the timeout value configured for the supplicant timeout, the authentication session attempt
will expire. The switch will then use its quiet timeout and transmit timeout before accepting an authentica-
tion attempt or sending out an identity request.
To change the maximum number of requests sent to the supplicant during an authentication attempt, use
the max-req keyword with the 802.1x command. For example:
-> 802.1x 3/1 max-req 3
In this example, the maximum number of requests that will be sent is three.
Re-authenticating an 802.1X Port
An automatic reauthentication process may be enabled or disabled on any 802.1X port. The re-authentica-
tion is used to maintain the 802.1X connection (not to re-authenticate the user). The process is transparent
to the 802.1X supplicant. By default, re-authentication is not enabled on the port.
To enable or disable re-authentication, use the reauthentication or no reauthentication keywords with
the 802.1x command. For example:
-> 802.1x 3/1 reauthentication
In this example, re-authentication will periodically take place on port 1 of slot 3.
The re-authperiod parameter may be used to configure the time that must expire before automatic re-
authentication attempts. For example:
-> 802.1x 3/1 reauthentication re-authperiod 25
In this example, automatic re-authentication is enabled, and re-authentication will take place on the port
every 25 seconds.
To manually re-authenticate a port, use the 802.1x re-authenticate command. For example:
-> 802.1x re-authentication 3/1
This command initiates a re-authentication process for port 1 on slot 3.