Allied Telesis AT-S63 User Manual


Chapter 28: 802.1x Port-based Network Access Control

Section IV: Port Security

1 - Quiet Period
The quiet period is the number of seconds that the port remains in the
quiet state following a failed authentication exchange with the client.
The default value is 60 seconds. The range is 0 to 65,535 seconds.

2 - TX Period
This parameter sets the number of seconds that the switch waits for a
response to an EAP-request/identity frame from the client before
retransmitting the request. The default value is 30 seconds. The range
is 1 to 65,535 seconds.

3 - Reauth Enabled
This parameter specifies whether reauthentication occurs according to
the reauthentication period. The options are Enabled or Disabled.

4 - Reauth Period
This parameter sets the interval for periodic reauthentication of the
client. Periodic reauthentication is disabled by default. The default
value is 3600 seconds. The range is 1 to 65,535 seconds.

5 - Supplicant Timeout
This parameter sets the switch-to-client retransmission time for the
EAP-request frame. The default value for this parameter is 30
seconds. The range is 1 to 600 seconds.

6 - Server Timeout
This parameter sets the timer used by the switch to determine
authentication server timeout conditions. The default value for this
parameter is 30 seconds. The range is 1 to 65,535 seconds.

7 - Max Requests
This parameter specifies the maximum number of times that the switch
retransmits an EAP Request packet to the client before it times out the
authentication session. The default value for this parameter is 2
retransmissions. The range is 1 to 10 retransmissions.

8 - Control Direction
This parameter specifies how the port handles ingress and egress
broadcast and multicast packets when in the unauthorized state. When
a port is set to the Authenticator role, it remains in the unauthorized
state until the client logs on by providing a username and password
combination. In the unauthorized state, the port only accepts EAP
packets from the client. All other ingress packets that the port might
receive from the client, including multicast and broadcast traffic, are
discarded until the supplicant has logged in. The options are:

Ingress - A port, when in the unauthorized state, discards all ingress
broadcast and multicast packets from the client, but forwards all
egress broadcast and multicast traffic to the same client.