Re-authenticating a port manually, Setting the quiet period – Brocade BigIron RX Series Configuration Guide User Manual

Page 1139

Advertising
background image

BigIron RX Series Configuration Guide

1061

53-1002484-04

Configuring 802.1x port security

34

The re-authentication interval is a global setting, applicable to all 802.1x-enabled interfaces. If you
want to re-authenticate Clients connected to a specific port manually, use the dot1x
re-authenticate command. See

“Re-authenticating a port manually”

, below.

Re-authenticating a port manually

When periodic re-authentication is enabled, by default the BigIron RX re-authenticates Clients
connected to an 802.1x-enabled interface every 3,600 seconds (or the time specified by the dot1x
timeout re-authperiod command). You can also manually re-authenticate Clients connected to a
specific port.

For example, to re-authenticate Clients connected to interface 3/1, enter the following command.

BigIron RX# dot1x re-authentication ethernet 3/1

Syntax: [no] dot1x re-authenticate <portnum>

Setting the quiet period

If the BigIron RX is unable to authenticate the Client, the BigIron RX waits a specified amount of
time before trying again. The amount of time the BigIron RX waits is specified with the quiet-period
parameter. This timer also indicates how long a client that failed authentication would have its
blocked entry programmed into the hardware.The quiet-period parameter can be from 0 –
4294967295 seconds. The default is 60 seconds.

For example, to set the quiet period to 30 seconds, enter the following command.

BigIron RX(config-dot1x)# timeout quiet-period 30

Syntax: [no] timeout quiet-period <seconds>

Setting the interval for retransmission of EAP-request/
identity frames

When the BigIron RX sends a Client an EAP-request/identity frame, it expects to receive an
EAP-response/identity frame from the Client. If the Client does not send back an
EAP-response/identity frame, the device waits a specified amount of time and then retransmits the
EAP-request/identity frame. You can specify the amount of time the BigIron RX waits before
retransmitting the EAP-request/identity frame to the Client. This amount of time is specified with
the tx-period parameter. The tx-period parameter can be from 1 – 65535 seconds. The default is
30 seconds.

For example, to cause the BigIron RX to wait 60 seconds before retransmitting an
EAP-request/identity frame to a Client, enter the following command.

BigIron RX(config-dot1x)# timeout tx-period 60

Syntax: [no] timeout tx-period <seconds>

If the Client does not send back an EAP-response/identity frame within 60 seconds, the device will
transmit another EAP-request/identity frame.

Advertising
Popular Brands
Popular manuals