Dell FCX624-I Laptop User Manual


  Open as PDF
of 1494
 
PowerConnect B-Series FCX Configuration Guide 1229
53-1002266-01
Configuring 802.1X port security
34
Session-Timeout (27) – RFC 2865
Termination-Action (29) – RFC 2865
Calling-Station-ID (31) – RFC 2865
NAS-Port-Type (61) š RFC 2865
Tunnel-Type (64) – RFC 2868
Tunnel-Medium-Type (65) – RFC 2868
EAP Message (79) – RFC 2579
Message-Authenticator (80) RFC 3579
Tunnel-Private-Group-Id (81) – RFC 2868
NAS-Port-id (87) – RFC 2869
Specifying the RADIUS timeout action
A RADIUS timeout occurs when the Dell PowerConnect device does not receive a response from a
RADIUS server within a specified time limit and after a certain number of retries. The time limit and
number of retries can be manually configured using the CLI commands radius-server timeout and
radius-server retransmit, respectively. If the parameters are not manually configured, the Dell
PowerConnect device applies the default value of three seconds time limit with a maximum of
three retries.
You can better control port behavior when a RADIUS timeout occurs. That is, you can configure a
port on the Dell PowerConnect device to automatically pass or fail users being authenticated. A
pass essentially bypasses the authentication process and permits user access to the network. A
fail bypasses the authentication process and blocks user access to the network, unless
restrict-vlan is configured, in which case, the user is placed into a VLAN with restricted or limited
access. By default, the Dell PowerConnect device will reset the authentication process and retry to
authenticate the user.
Specify the RADIUS timeout action at the Interface level of the CLI.
Permit user access to the network after a RADIUS timeout
To set the RADIUS timeout behavior to bypass 802.1X authentication and permit user access to the
network, enter commands such as the following
PowerConnect(config)#interface ethernet 3/1
PowerConnect(config-if-e100-3/1)#dot1x auth-timeout-action success
Syntax: [no] dot1x auth-timeout-action success
Once the success timeout action is enabled, use the no form of the command to reset the RADIUS
timeout behavior to retry.
Re-authenticate a user
To configure RADIUS timeout behavior to bypass multi-device port authentication and permit user
access to the network, enter commands similar to the following
PowerConnect(config)#interface ethernet 3/1
PowerConnect(config-if-e100-3/1)#dot1x re-auth-timeout-success 60
Syntax: [no] dot1x re-auth-timeout- success <seconds>