PLANET SGS-5220-24P2X User Manual

Page 227

Advertising
background image

User’s Manual of SGS-5220 Series

switch and the client, and therefore doesn't imply that a client is still present on a

port.

Reauthentication

Period

Determines the period, in seconds, after which a connected client must be

reauthenticated. This is only active if the Reauthentication Enabled checkbox is

checked. Valid values are in the range 1 to 3600 seconds.

Determines the time for retransmission of Request Identity EAPOL frames.

Valid values are in the range 1 to 65535 seconds. This has no effect for

MAC-based ports.

EAPOL Timeout

This setting applies to the following modes, i.e. modes using the Port Security

functionality to secure MAC addresses:

Aging Period

Single 802.1X

Multi 802.1X

MAC-Based Auth

.

When the NAS module uses the Port Security module to secure MAC addresses,

the Port Security module needs to check for activity on the MAC address in

question at regular intervals and free resources if no activity is seen within a

given period of time. This parameter controls exactly this period and can be set to

a number between 10 and 1000000 seconds.

If reauthentication is enabled and the port is in a 802.1X-based mode, this is not

so criticial, since supplicants that are no longer attached to the port will get

removed upon the next reauthentication, which will fail. But if reauthentication is

not enabled, the only way to free resources is by aging the entries.

For ports in MAC-based Auth. mode, reauthentication doesn't cause direct

communication between the switch and the client, so this will not detect whether

the client is still attached or not, and the only way to free any resources is to age

the entry.

Hold Time

This setting applies to the following modes, i.e. modes using the Port Security

functionality to secure MAC addresses:

Single 802.1X

Multi 802.1X

MAC-Based Auth

.

If a client is denied access - either because the RADIUS server denies the client

access or because the RADIUS server request times out (according to the

timeout specified on the "Configuration→Security→AAA" Page) - the client is put

on hold in the Unauthorized state. The hold timer does not count during an

on-going authentication.

In MAC-based Auth. mode, the The switch will ignore new frames coming from

227

Advertising
This manual is related to the following products:

SGS-5220-24T2X

Popular Brands
Popular manuals